bonjour, je viens d'acheter le logiciel MALWARE PROTECTOR sur le site, et après installation, cela me dit que la base de données est obsolète et qu'il faut de suite lancer une mise à jour. lorsque je la demande, le message suivant apparaît : "Erreur lors du chargement des mises à jour Vérifier les paramètres internet" Pouvez-vous m'aider ? Merci.

Hello C'est une arnaque!! Limite un rogue! Peux tu le désinstaller?

Je ne connais pas ce Malware protector je n'ai pas confiance en lui! Préviens ta banque! * Télécharge sur le bureau RogueKiller * Quitte tous tes programmes en cours. * Sous Vista/Seven et windows 8 , clique droit -> lancer en tant qu'administrateur * Sinon lance simplement RogueKiller.exe * Patiente pendant le pre-scan, puis clique sur le bouton Scan * Un rapport RKreport.txt a du se créer sur le bureau, poste-le. Note : Si le programme a été bloqué, ne pas hésiter à essayer plusieurs fois. Si problème il y a il existe toujours une solution N'oubliez pas de mettre votre sujet en résolu

Passe Roguekiller Désinstalle tout ce qui est wajam,optimizer pro

pourquoi ce n'es pas le pre scan qui s'est proposé, ni le boutonscan ?

je n'arrive pas à faire un copie/coller des rapports. pouvez vous me dire comment faire merci

Pour poster soit tu postes ici si c'est pas trop long Si c'est trop long héberge sur cjoint * Pour t'aider http://www.pc-infopratique.com/forum-informatique/tutoriel-heberger-rapport-vt-67934.html En attente du rapport

RogueKiller V8.7.1 [Oct 3 2013] par Tigzy mail : tigzyRK<at>gmail<dot>com Remontees : http://www.adlice.com/forum/ Site Web : https://www.luanagames.com/index.fr.html Blog : http://tigzyrk.blogspot.com/ Systeme d'exploitation : Windows Vista (6.0.6002 Service Pack 2) 64 bits version Demarrage : Mode normal Utilisateur : GEORGIA [Droits d'admin] Mode : Recherche -- Date : 10/05/2013 10:37:20 | ARK || FAK || MBR | ¤¤¤ Processus malicieux : 3 ¤¤¤ [SUSP PATH] BitGuard.exe -- C:\ProgramData\BitGuard\2.6.1673.238\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\BitGuard.exe [7] -> TUÉ [TermProc] [SUSP PATH] BitGuard.exe -- C:\ProgramData\BitGuard\2.6.1673.238\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\BitGuard.exe [7] -> TUÉ [TermProc] [SUSP PATH] hpqtra08.exe -- C:\Users\GEORGIA\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\hpqtra08.exe [7] -> TUÉ [TermProc] ¤¤¤ Entrees de registre : 5 ¤¤¤ [HJ POL][PUM] HKCU\[...]\System : DisableTaskMgr (0) -> TROUVÉ [HJ DESK][PUM] HKCU\[...]\ClassicStartMenu : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> TROUVÉ [HJ DESK][PUM] HKCU\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> TROUVÉ [HJ DESK][PUM] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> TROUVÉ [HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> TROUVÉ ¤¤¤ Tâches planifiées : 1 ¤¤¤ [V2][SUSP PATH] EPUpdater : C:\Users\GEORGIA\AppData\Roaming\BABSOL~1\Shared\BabMaint.exe [7] -> TROUVÉ ¤¤¤ Entrées Startup : 0 ¤¤¤ ¤¤¤ Navigateurs web : 0 ¤¤¤ ¤¤¤ Fichiers / Dossiers particuliers: ¤¤¤ ¤¤¤ Driver : [NON CHARGE 0x0] ¤¤¤ ¤¤¤ Ruches Externes: ¤¤¤ ¤¤¤ Infection : ¤¤¤ ¤¤¤ Fichier HOSTS: ¤¤¤ --> %SystemRoot%\System32\drivers\etc\hosts 127.0.0.1 localhost ::1 localhost ¤¤¤ MBR Verif: ¤¤¤ +++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ SCSI) (Lecteurs de disque standard) - WDC WD10EADS-65L5B1 +++++ --- User --- [MBR] e8a50a1acf6f494ea147cc5d01741ba0 [BSP] 309fdfd200901d3359dd1e035123a213 : MBR Code unknown Partition table: 0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 938978 Mo 1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 1923028695 | Size: 14888 Mo User = LL1 ... OK! User = LL2 ... OK! Termine : << RKreport[0]_S_10052013_103720.txt >> Merci pour votre aide

Coucou ;) * Quitte tous tes programmes en cours * Sous Vista/Seven , clique droit -> lancer en tant qu'administrateur * Sinon lance simplement RogueKiller.exe * Patiente pendant le pre-scan, clique sur Scan * Vérifie que tous les éléments sont cochés puis clique sur Suppression * Poste le rapport RKreport.txt présent sur le bureau.

Base de données obsolète à l'installation de Malware Protector

Réponse 21 / 28

lilidurhone Messages postés 43347 Date d'inscription lundi 25 avril 2011 Statut Contributeur sécurité Dernière intervention 31 octobre 2024 3 807
6 oct. 2013 à 16:39

Oui j'en suis sûre :)

hangie Messages postés 36 Date d'inscription vendredi 4 octobre 2013 Statut Membre Dernière intervention 10 octobre 2013
6 oct. 2013 à 16:47

merci beaucoup. A plus tard

Réponse 22 / 28

lilidurhone Messages postés 43347 Date d'inscription lundi 25 avril 2011 Statut Contributeur sécurité Dernière intervention 31 octobre 2024 3 807
6 oct. 2013 à 17:33

C'est à l'exécution du logiciel qu'il faudra le lancer en tant qu'admin

Pour le setup aussi

hangie Messages postés 36 Date d'inscription vendredi 4 octobre 2013 Statut Membre Dernière intervention 10 octobre 2013
6 oct. 2013 à 17:43

ok

Réponse 23 / 28

lilidurhone Messages postés 43347 Date d'inscription lundi 25 avril 2011 Statut Contributeur sécurité Dernière intervention 31 octobre 2024 3 807
7 oct. 2013 à 14:44

Hello

http://cjoint.com/data3/3JhoRr2a6JC_hongie.txt

Je regarde ton rapport

hangie Messages postés 36 Date d'inscription vendredi 4 octobre 2013 Statut Membre Dernière intervention 10 octobre 2013
7 oct. 2013 à 14:52

ok merci.

Réponse 24 / 28

lilidurhone Messages postés 43347 Date d'inscription lundi 25 avril 2011 Statut Contributeur sécurité Dernière intervention 31 octobre 2024 3 807
7 oct. 2013 à 14:55

Il faudrait que tu lances windows update car ton antivirus est pas à jour!

hangie Messages postés 36 Date d'inscription vendredi 4 octobre 2013 Statut Membre Dernière intervention 10 octobre 2013
7 oct. 2013 à 15:05

ok je lance

hangie Messages postés 36 Date d'inscription vendredi 4 octobre 2013 Statut Membre Dernière intervention 10 octobre 2013
7 oct. 2013 à 16:03

Windows uptade m'a proposé 3MAJ (facultatives) à charger
-MS Sécurity Essentiels
-Windows vista\Amuyni
-Bing Desktop
j'ai redémarré le pc en suivant

par contre lorsque je veux aller (pour visu) en modification programme (par démarrer\configuration)
je suis bloqué et le message suivant apparait : "Windows Défender est désactivé, vous devez l'ouvrir et l'activer".

est ce normal ?

Réponse 25 / 28

lilidurhone Messages postés 43347 Date d'inscription lundi 25 avril 2011 Statut Contributeur sécurité Dernière intervention 31 octobre 2024 3 807
7 oct. 2013 à 16:07

Pour windows defender on verra ça après

Bing desktop pas la peine!

MSE oui :)

hangie Messages postés 36 Date d'inscription vendredi 4 octobre 2013 Statut Membre Dernière intervention 10 octobre 2013
7 oct. 2013 à 16:11

ok merci

hangie Messages postés 36 Date d'inscription vendredi 4 octobre 2013 Statut Membre Dernière intervention 10 octobre 2013
9 oct. 2013 à 09:35

Hello Lilidurhone :)
Merci pour vos compétences et le temps que vous m'avez consacré.
mon pc aujourd'hui semble réparé, pourriez-vous me dire quand vous pourrez si vous avez pu regarder le dernier rapport et si nous pouvons lancer le ZHPFIX et si je peux pour l'avenir garder sur le bureau ou dans C les programmes que nous avons effectués ensemble.
Merci d'avance et bonne journée.
:)

Réponse 26 / 28

lilidurhone Messages postés 43347 Date d'inscription lundi 25 avril 2011 Statut Contributeur sécurité Dernière intervention 31 octobre 2024 3 807
9 oct. 2013 à 10:46

Tu peux refaire un zhpdiag

hangie Messages postés 36 Date d'inscription vendredi 4 octobre 2013 Statut Membre Dernière intervention 10 octobre 2013
9 oct. 2013 à 11:06

https://www.cjoint.com/?3JjleOugJYe

hangie Messages postés 36 Date d'inscription vendredi 4 octobre 2013 Statut Membre Dernière intervention 10 octobre 2013
9 oct. 2013 à 12:46

~ Rapport de ZHPDiag v2013.10.8.23 - Nicolas Coolman (08/10/2013)
~ Lancé par GEORGIA (09/10/2013 10:52:22)
~ Adresse du Site Web https://nicolascoolman.webs.com/
~ Traduit par Nicolas Coolman
~ Etat de la version :
~ Liste blanche : Activée par le programme
~ Elévation des Privilèges : OK
~ User Account Control (UAC):

---\\ Navigateurs Internet
MSIE: Internet Explorer v9.0.8112.16421 (Defaut)

---\\ Informations sur les produits Windows
~ Langage: Français
Windows Vista Home Premium Edition, 64-bit Service Pack 2 (Build 6002)
Windows Server License Manager Script : OK
~ Vista, OEM_SLP channel
System Locked Preinstallation (OEM_SLP) : OK
Windows ID Activation : OK
~ Windows Partial Key : WQD8Q
Windows License : OK
Windows Automatic Updates : OK

---\\ Logiciels de protection du système
Malwarebytes Anti-Malware version 1.75.0.1300
Microsoft Security Client FR-FR Language Pack v2.1.1116.0

---\\ Logiciels d'optimisation du système
CCleaner v2.28 =>Piriform Ltd
Uniblue RegistryBooster v6.0.7.2

---\\ Logiciels de partage PeerToPeer

---\\ Surveillance de Logiciels
Adobe Flash Player 11 ActiveX
Adobe Reader X

---\\ Informations sur le système
~ Processor: Intel64 Family 6 Model 23 Stepping 10, GenuineIntel
~ Operating System: 64 Bits
Boot mode: Normal (Normal boot)
Total RAM: 4094 MB (47% free)
System Restore: Activé (Enable)
System drive C: has 635 GB (69%) free of 917 GB

---\\ Mode de connexion au système
~ Computer Name: PC-DE-GEORGIA
~ User Name: GEORGIA
~ All Users Names: GEORGIA, Administrateur,
~ Unselected Option: None
Logged in as Administrator

---\\ Variables d'environnement
~ System Unit : C:\
~ %AppZHP% : C:\Users\GEORGIA\AppData\Roaming\ZHP\
~ %AppData% : C:\Users\GEORGIA\AppData\Roaming\
~ %Desktop% : C:\Users\GEORGIA\Desktop\
~ %Favorites% : C:\Users\GEORGIA\Favorites\
~ %LocalAppData% : C:\Users\GEORGIA\AppData\Local\
~ %StartMenu% : C:\Users\GEORGIA\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\Windows\
~ %System% : C:\Windows\System32\

---\\ Enumération des unités disques
C: Hard drive, Flash drive, Thumb drive (Free 635 Go of 917 Go)
D: Hard drive, Flash drive, Thumb drive (Free 2 Go of 15 Go)
E: CD-ROM drive (Not Inserted)
G: Floppy drive, Flash card reader, USB Key (Not Inserted)
H: Floppy drive, Flash card reader, USB Key (Not Inserted)
I: Floppy drive, Flash card reader, USB Key (Not Inserted)
J: Floppy drive, Flash card reader, USB Key (Not Inserted)

---\\ Etat du Centre de Sécurité Windows
~ Security Center: 33 Legitimates Filtered in 00mn 00s

---\\ Recherche particulière de fichiers génériques
[MD5.6B08E54A451B3F95E4109DBA7E594270] - (.Microsoft Corporation - Explorateur Windows.) (.11/04/2009 - 08:10:17.) -- C:\Windows\Explorer.exe [3079168]
[MD5.117EA87DF785CA1B9D821F6F213DCE07] - (.Microsoft Corporation - Application de démarrage de Windows.) (.21/01/2008 - 03:50:23.) -- C:\Windows\System32\Wininit.exe [123904]
[MD5.75F110F4005DAE430AECA787FDEA9CBB] - (.Microsoft Corporation - Extensions Internet pour Win32.) (.31/07/2013 - 14:19:03.) -- C:\Windows\System32\wininet.dll [1392128]
[MD5.6D0773A3A65D28B663F334C90441D01A] - (.Microsoft Corporation - Application d'ouverture de session Windows.) (.11/04/2009 - 08:11:08.) -- C:\Windows\System32\Winlogon.exe [405504]
[MD5.C4F6CE6087760AD70960C9EB130E7943] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.03/01/2012 - 15:25:21.) -- C:\Windows\system32\Drivers\AFD.sys [404992]
[MD5.1898FAE8E07D97F2F6C2D5326C633FAC] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.21/01/2008 - 03:46:50.) -- C:\Windows\system32\Drivers\atapi.sys [22584]
[MD5.B4D787DB8D30793A4D4DF9FEED18F136] - (.Microsoft Corporation - CD-ROM File System Driver.) (.21/01/2008 - 03:50:39.) -- C:\Windows\system32\Drivers\Cdfs.sys [90624]
[MD5.C025AA69BE3D0D25C7A2E746EF6F94FC] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.11/04/2009 - 06:34:39.) -- C:\Windows\system32\Drivers\Cdrom.sys [79872]
[MD5.8B722BA35205C71E7951CDC4CDBADE19] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.14/04/2011 - 16:14:19.) -- C:\Windows\system32\Drivers\DfsC.sys [97792]
[MD5.F942C5820205F2FB453243EDFEC82A3D] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.11/04/2009 - 06:39:41.) -- C:\Windows\system32\Drivers\HDAudBus.sys [948736]
[MD5.CBB597659A2713CE0C9CC20C88C7591F] - (.Microsoft Corporation - Pilote de port i8042.) (.21/01/2008 - 03:46:59.) -- C:\Windows\system32\Drivers\i8042prt.sys [64000]
[MD5.B7E6212F581EA5F6AB0C3A6CEEEB89BE] - (.Microsoft Corporation - IP Network Address Translator.) (.21/01/2008 - 03:48:45.) -- C:\Windows\system32\Drivers\IpNat.sys [115712]
[MD5.1485811B320FF8C7EDAD1CAEBB1C6C2B] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.29/04/2011 - 14:39:34.) -- C:\Windows\system32\Drivers\MRxSmb.sys [135680]
[MD5.FC2C792EBDDC8E28DF939D6A92C83D61] - (.Microsoft Corporation - MBT Transport driver.) (.11/04/2009 - 06:42:33.) -- C:\Windows\system32\Drivers\netBT.sys [248320]
[MD5.2ACCAA3C3C55370A32F17B3595E1A217] - (.Microsoft Corporation - Pilote du système de fichiers NT.) (.03/03/2013 - 20:13:14.) -- C:\Windows\system32\Drivers\ntfs.sys [1513320]
[MD5.AECD57F94C887F58919F307C35498EA0] - (.Microsoft Corporation - Pilote de port parallèle.) (.02/11/2006 - 10:37:57.) -- C:\Windows\system32\Drivers\Parport.sys [96768]
[MD5.AC7BC4D42A7E558718DFDEC599BBFC2C] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.11/04/2009 - 06:43:38.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [124928]
[MD5.C045D1FB111C28DF0D1BE8D4BDA22C06] - (.Microsoft Corporation - Microsoft RDP Device redirector.) (.21/01/2008 - 03:46:51.) -- C:\Windows\system32\Drivers\rdpdr.sys [314368]
[MD5.290B6F6A0EC4FCDFC90F5CB6D7020473] - (.Microsoft Corporation - SMB Transport driver.) (.11/04/2009 - 06:42:19.) -- C:\Windows\system32\Drivers\smb.sys [88064]
[MD5.458919C8C42E398DC4802178D5FFEE27] - (.Microsoft Corporation - TDI Translation Driver.) (.11/04/2009 - 06:43:00.) -- C:\Windows\system32\Drivers\tdx.sys [94720]
[MD5.582F710097B46140F5A89A19A6573D4B] - (.Microsoft Corporation - Pilote de cliché instantané du volume.) (.21/08/2012 - 12:50:57.) -- C:\Windows\system32\Drivers\volsnap.sys [267648]
~ Generic Processes: Scanned in 00mn 00s

---\\ Etat des fichiers cachés (Caché/Total)
~ Mes images (My Pictures) : 2/27469
~ Mes musiques (My Musics) : 1/1577
~ Mes Videos (My Videos) : 1/38
~ Mes Favoris (My Favorites) : 1/80
~ Mes Documents (My Documents) : 16/876
~ Mon Bureau (My Desktop) : 1/109
~ Menu demarrer (Programs) : 1/37
~ Hidden Files: Scanned in 00mn 03s

---\\ Processus lancés
[MD5.055E69B5E4841098A4EAE04EE7EEB0A2] - (.Intel Corporation - Event Monitor User Notification Tool.) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe [186904] [PID.3496]
[MD5.596C3DD487001E237CCE431EAE6F3EA0] - (.Hewlett-Packard - HP Advisor.) -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe [1689144] [PID.3968]
[MD5.7E436B07C60B3A1D992648526732DB4F] - (.Skype Technologies S.A. - Skype.) -- C:\Program Files (x86)\Skype\Phone\Skype.exe [19604072] [PID.3992]
[MD5.1BA45CDEF852381DA4A95D056DDB4B48] - (.Hewlett-Packard Co. - HP Digital Imaging Monitor.) -- C:\Users\GEORGIA\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\hpqtra08.exe [210520] [PID.4024]
[MD5.83166BFFA8C4BBAC4413F47C865CC8EE] - (.Microsoft Corporation - Outil de notification de cadeaux MSN.) -- C:\Users\GEORGIA\AppData\Roaming\Microsoft\Outil de notification de cadeaux MSN\msnotif.exe [183096] [PID.4032]
[MD5.CD441BF2F5CFD46B5105891DDFFDFBA2] - (.CyberLink Corp. - CyberLink PowerCinema Resident Program.) -- C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe [1328424] [PID.4060]
[MD5.554A50B5310E702029D3A675459108FF] - (.Hewlett-Packard - hpsysdrv.) -- C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe [62768] [PID.4076]
[MD5.B93C4070F24E46B0097648C276B5039E] - (.Hewlett-Packard Co. - Hewlett-Packard Product Assistant.) -- C:\Program Files (x86)\HP\HP Software Update\hpwuSchd2.exe [49152] [PID.4084]
[MD5.017335C7AEFA8ED76750DB95A78D6BFA] - (.CyberLink - CyberLink MediaLibray Service.) -- C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe [185640] [PID.1408]
[MD5.B2387FD351A3D4780A917E4C00A83310] - (.Apple Inc. - iTunesHelper.) -- C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392] [PID.2360]
[MD5.85E7BB8A103644085C5C665481022E56] - (.Hewlett-Packard Co. - HP CUE Status.) -- C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe [271960] [PID.2376]
[MD5.6080A176D09435FC8E6E800996656E18] - (.Microsoft Corporation - Console IME.) -- C:\Windows\SysWOW64\conime.exe [69120] [PID.3564]
[MD5.AA9CBDCD4675A48755DDA3A73BE3E283] - (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe [757400] [PID.5700]
[MD5.707044F591E100F947D48037E0999D50] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files (x86)\ZHPDiag\ZHPDiag.exe [8066560] [PID.5796]
[MD5.ADDA5E1951B90D3D23C56D3CF0622ADC] - (.Adobe Systems Incorporated - Adobe Acrobat Update Service.) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [65640] [PID.2044]
[MD5.30E3850F303EAE5C364782EA78579CC9] - (.Apple Inc. - MobileDeviceService.) -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [55624] [PID.1200]
[MD5.65608C44E71D7BA056C9EFCD8A00A7FE] - (.Microsoft Corp. - Bing Desktop updating service.) -- C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe [173192] [PID.1312]
[MD5.DFEFF67508D3A9AEB1A85D7B0F513B24] - (.Hewlett-Packard Company - LightScribe Service.) -- c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [73728] [PID.1084]
[MD5.388AE59FE75F1B959DFA0900923C61BB] - (.Skype Technologies S.A. - Skype C2C Service.) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [3064000] [PID.2404]
[MD5.F79525634B192F5A18DE503568F94EF3] - (.Intel Corporation - RAID Monitor.) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe [354840] [PID.2684]
~ Processes Running: Scanned in 00mn 00s

---\\ Google Chrome, Démarrage,Recherche,Extensions (G0,G1,G2)
C:\Users\GEORGIA\AppData\Local\Google\Chrome\User Data\Default\Preferences
G1 - GCS: Preference [User Data\Default] https://www.google.com/?gws_rd=ssl
G0 - GCSP: Preference [User Data\Default][HomePage] https://search.safefinder.com/?q= =>Hijacker.SmartBar
G0 - GCSP: Preference [User Data\Default] https://search.safefinder.com/?q= =>Hijacker.SmartBar
G2 - GCE: Preference [User Data\Default] [amfclgbdpgndipgoegfpkkgobahigbcl] Snap.Do v.1.4, (Activé) =>Hijacker.SmartBar
~ Google Browser: 11 Legitimates Filtered in 00mn 12s

---\\ Mozilla Firefox, Plugins,Demarrage,Recherche,Extensions (P2,M0,M1,M2,M3)
C:\Users\GEORGIA\AppData\Roaming\Mozilla\Firefox\Profiles\bjwu9vvm.default\prefs.js
~ Firefox Browser: 23 Legitimates Filtered in 00mn 00s

---\\ Internet Explorer, Proxy Management (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyHttp1.1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management: Scanned in 00mn 00s

---\\ Analyse des lignes F0, F1, F2, F3 - IniFiles, Autoloading programs
F2 - REG:system.ini: USERINIT=C:\WINDOWS\system32\userinit.exe
F2 - REG:system.ini: Shell=C:\Windows\explorer.exe
F2 - REG:system.ini: VMApplet=rundll32 shell32,Control_RunDLL "sysdm.cpl"
~ Keys: Scanned in 00mn 00s

---\\ Hosts file redirection (O1)
~ Le fichier hosts est sain (The hosts file is clean).
~ Hosts File: Scanned in 00mn 00s
~ Nombre de lignes (Lines number): 19

---\\ Internet Explorer Toolbars (O3)
O3 - Toolbar: Google Toolbar [64Bits] - [HKLM]{2318C2B1-4965-11d4-9B18-009027A5CD4F} . (.Google Inc. - Google Toolbar.) -- C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll =>Toolbar.Google
O3 - Toolbar\WebBrowser: (no name) [64Bits] - [HKCU]{21FA44EF-376D-4D53-9B0F-8A89D3229068} Clé orpheline
O3 - Toolbar\WebBrowser: (no name) [64Bits] - [HKCU]{2318C2B1-4965-11D4-9B18-009027A5CD4F} Clé orpheline
O3 - Toolbar\WebBrowser: (no name) [64Bits] - [HKCU]{D40B90B4-D3B1-4D6B-A5D7-DC041C1B76C0} Clé orpheline
~ Toolbar: Scanned in 00mn 00s

---\\ Autres liens utilisateurs (O4)
O4 - GS\Desktop [Public]: Safari.lnk . (...) -- C:\Windows\Installer\{C779648B-410E-4BBA-B75B-5815BCEFE71D}\SafariIco.exe
O4 - GS\Desktop [Public]: Webcam Station Evolution SE.lnk . (.Guillemot Corporation S.A. - Hercules Webcam Station Evolution SE.) -- C:\Program Files (x86)\Hercules\DualPix Exchange\Station2.exe
O4 - GS\Program [Public]: Magic Desktop.lnk . (.EasyBits Software AS - EasyBits Security Shield.) -- C:\Program Files (x86)\EasyBits For Kids\ezSecShield.exe =>.EasyBits Software AS
O4 - GS\Program [Public]: Safari.lnk . (...) -- C:\Windows\Installer\{C779648B-410E-4BBA-B75B-5815BCEFE71D}\SafariIco.exe
O4 - GS\QuickLaunch [GEORGIA]: Apple Safari.lnk . (...) -- C:\Windows\Installer\{C779648B-410E-4BBA-B75B-5815BCEFE71D}\SafariIco.exe
O4 - GS\QuickLaunch [GEORGIA]: HP MediaSmart.lnk . (...) -- c:\Windows\Installer\{D2E8F543-D23A-4A38-AFFC-4BDEBFBA6FDA}\_BD15A4BF3888028F418EC7.exe
O4 - GS\QuickLaunch [GEORGIA]: Meteo en France.lnk - Clé orpheline
O4 - GS\QuickLaunch [GEORGIA]: Meteo.lnk - Clé orpheline
O4 - GS\QuickLaunch [GEORGIA]: Uniblue RegistryBooster.lnk . (.Uniblue Systems Limited - Uniblue Launcher.) -- C:\Program Files (x86)\Uniblue\RegistryBooster\Launcher.exe
O4 - GS\Desktop [GEORGIA]: 0 ENTRETIENS JARDIN ARGELES.lnk . (...) -- C:\Users\GEORGIA\Contacts\Documents\Documents\0 ENTRETIENS JARDIN ARGELES.xlsx
O4 - GS\Desktop [GEORGIA]: Antoinette 18 mai 1906.lnk . (...) -- C:\Users\GEORGIA\Contacts\Documents\Documents\Antoinette 18 mai 1906.docx
O4 - GS\Desktop [GEORGIA]: HPPSDr.lnk . (...) -- C:\Program Files (x86)\HP\Diagnostics\PSDR\HPPSDr.exe
~ Global Startup: 94 Legitimates Filtered in 00mn 04s

---\\ Applications lancées au démarrage du sytème (O4)
O4 - GS\Startup [Public]: HP Digital Imaging Monitor.lnk . (.Hewlett-Packard Co. - HP Digital Imaging Monitor.) -- C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe =>.Hewlett-Packard Co
O4 - GS\Startup [GEORGIA]: Outil de notification de cadeaux MSN.lnk . (.Microsoft Corporation - Outil de notification de cadeaux MSN.) -- C:\Users\GEORGIA\AppData\Roaming\Microsoft\Outil de notification de cadeaux MSN\msnotif.exe
O4 - HKLM\..\Run: [Windows Defender] C:\Program Files (x86)\Windows Defender\MSASCui.exe (.not file.)
O4 - HKLM\..\Run: [SmartMenu] C:\Program Files (x86)\Hewlett-Packard\HP MediaSmart\SmartMenu.exe (.not file.)
O4 - HKLM\..\Run: [MSC] . (.Microsoft Corporation - Microsoft Security Client User Interface.) -- c:\Program Files\Microsoft Security Client\msseces.exe
O4 - HKLM\..\Run: [IAAnotif] . (.Intel Corporation - Event Monitor User Notification Tool.) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [HP Remote Software] . (.Pas de propriétaire - Core functionality module for HP Remote sof.) -- C:\Program Files\Hewlett-Packard\HP Remote\HP REMOTE V1.0.5.exe
O4 - HKLM\..\Run: [CamserviceExchange] . (.Guillemot Corporation S.A. - Hercules Xtra Controller Main Application.) -- C:\Program Files (x86)\Hercules\Dualpix Exchange\XtrCtrlEx.exe
O4 - HKLM\..\Run: [CamserviceDP] . (.Guillemot Corporation S.A. - CamService Application.) -- C:\Program Files (x86)\Hercules\DualPix Exchange\x64\Camservice.exe
O4 - HKCU\..\Run: [Sidebar] . (.Microsoft Corporation - Volet Windows.) -- C:\Program Files\Windows Sidebar\sidebar.exe =>.Microsoft Corporation
O4 - HKCU\..\Run: [HPADVISOR] . (.Hewlett-Packard - HP Advisor.) -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe
O4 - HKCU\..\Run: [ehTray.exe] . (.Microsoft Corporation - Media Center Tray Applet.) -- C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [Google Update] . (.Google Inc. - Programme d'installation de Google.) -- C:\Users\GEORGIA\AppData\Local\Google\Update\GoogleUpdate.exe =>.Google Inc
O4 - HKCU\..\Run: [Skype] . (.Skype Technologies S.A. - Skype.) -- C:\Program Files (x86)\Skype\Phone\Skype.exe =>.Skype Technologies S.A.
O4 - HKCU\..\Run: [swg] . (.Google Inc. - GoogleToolbarNotifier.) -- C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe =>Toolbar.Google
O4 - HKLM\..\Wow6432Node\Run: [TSMAgent] . (.CyberLink Corp. - CyberLink PowerCinema Resident Program.) -- c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe
O4 - HKLM\..\Wow6432Node\Run: [StartCCC] . (.Advanced Micro Devices, Inc. - Catalyst® Control Center Launcher.) -- c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe =>.Advanced Micro Devices, Inc
O4 - HKLM\..\Wow6432Node\Run: [hpsysdrv] . (.Hewlett-Packard - hpsysdrv.) -- c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe =>.Hewlett-Packard Co
O4 - HKLM\..\Wow6432Node\Run: [HP Software Update] . (.Hewlett-Packard Co. - Hewlett-Packard Product Assistant.) -- C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe =>.Hewlett-Packard Co
O4 - HKLM\..\Wow6432Node\Run: [HP Health Check Scheduler] . (.Hewlett-Packard - HP Health Check Scheduler.) -- c:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Wow6432Node\Run: [CLMLServer for HP TouchSmart] . (.CyberLink - CyberLink MediaLibray Service.) -- c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
O4 - HKLM\..\Wow6432Node\Run: [Adobe ARM] . (.Adobe Systems Incorporated - Adobe Reader and Acrobat Manager.) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe =>.Adobe Systems Incorporated
O4 - HKLM\..\Wow6432Node\Run: [APSDaemon] . (.Apple Inc. - Apple Push.) -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
O4 - HKLM\..\Wow6432Node\Run: [iTunesHelper] . (.Apple Inc. - iTunesHelper.) -- C:\Program Files (x86)\iTunes\iTunesHelper.exe
O4 - HKLM\..\Wow6432Node\Run: [BingDesktop] . (.Microsoft Corp. - Bing Desktop Application.) -- C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktop.exe
O4 - HKLM\..\Wow6432Node\Run: [QuickTime Task] . (.Apple Inc. - QuickTime Task.) -- C:\Program Files (x86)\QuickTime\QTTask.exe
O4 - HKUS\S-1-5-18\..\Run: [orangeinside] C:\Windows\system32\config\systemprofile\AppData\Roaming\Orange\OrangeInside\one\OrangeInside.exe (.not file.)
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] . (.Microsoft Corporation - Volet Windows.) -- C:\Program Files (x86)\Windows Sidebar\Sidebar.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] oobefldr.dll
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] . (.Microsoft Corporation - Volet Windows.) -- C:\Program Files (x86)\Windows Sidebar\Sidebar.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-20\..\Run: [WindowsWelcomeCenter] oobefldr.dll
O4 - HKUS\S-1-5-21-1197845047-857176231-4260321091-1000\..\Run: [Sidebar] . (.Microsoft Corporation - Volet Windows.) -- C:\Program Files\Windows Sidebar\sidebar.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-21-1197845047-857176231-4260321091-1000\..\Run: [HPADVISOR] . (.Hewlett-Packard - HP Advisor.) -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe
O4 - HKUS\S-1-5-21-1197845047-857176231-4260321091-1000\..\Run: [ehTray.exe] . (.Microsoft Corporation - Media Center Tray Applet.) -- C:\Windows\ehome\ehTray.exe
O4 - HKUS\S-1-5-21-1197845047-857176231-4260321091-1000\..\Run: [Google Update] . (.Google Inc. - Programme d'installation de Google.) -- C:\Users\GEORGIA\AppData\Local\Google\Update\GoogleUpdate.exe =>.Google Inc
O4 - HKUS\S-1-5-21-1197845047-857176231-4260321091-1000\..\Run: [Skype] . (.Skype Technologies S.A. - Skype.) -- C:\Program Files (x86)\Skype\Phone\Skype.exe =>.Skype Technologies S.A.
O4 - HKUS\S-1-5-21-1197845047-857176231-4260321091-1000\..\Run: [swg] . (.Google Inc. - GoogleToolbarNotifier.) -- C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe =>Toolbar.Google
~ Application: Scanned in 00mn 00s

---\\ Boutons situés sur la barre d'outils principale d'Internet Explorer (O9)
O9 - Extra button: Skype Click to Call [64Bits] - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} . (...) -- c:\program files (x86)\skype\toolbars\internet explorer x64\icon.ico
~ IE Extra Buttons: Scanned in 00mn 00s

---\\ Modification Domaine/Adresses DNS (O17)
O17 - HKLM\System\CCS\Services\Tcpip\..\{5455DD31-210A-4771-80D5-254DF02CA569}: DhcpNameServer = 172.20.10.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{F89B15CC-9B67-49D3-8CA1-13AA4BFDDE63}: DhcpNameServer = 212.27.40.240 212.27.40.241
O17 - HKLM\System\CS1\Services\Tcpip\..\{5455DD31-210A-4771-80D5-254DF02CA569}: DhcpNameServer = 172.20.10.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{F89B15CC-9B67-49D3-8CA1-13AA4BFDDE63}: DhcpNameServer = 212.27.40.240 212.27.40.241
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 212.27.40.240 212.27.40.241
~ Domain: Scanned in 00mn 00s

---\\ Protocole additionnel (O18)
O18 - Handler: wlpg [64Bits] - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} . (...) --
O18 - Filter: text/xml [64Bits] - {807563E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation - Microsoft Office XML MIME Filter.) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.dll =>.Microsoft Corporation
~ Protocole Additionnel: Scanned in 00mn 00s

---\\ Clé de Registre autorun SharedTaskScheduler (STS) (O22)
O22 - SharedTaskScheduler: Component Categories cache daemon [64Bits] - {8C7461EF-2B13-11d2-BE35-3078302C2030} . (.Microsoft Corporation - Bibliothèque de l'interface utilisateur du.) -- C:\Windows\System32\browseui.dll
~ STS/SSO: Scanned in 00mn 00s

---\\ Liste des services NT non Microsoft et non désactivés (O23)
O23 - Service: Util BrowseFox (Util BrowseFox) . (...) - C:\Program Files (x86)\BrowseFox\bin\utilBrowseFox.exe (.not file.) =>Adware.BrowseFox
~ Services: 11 Legitimates Filtered in 00mn 04s

---\\ Tâches planifiées en automatique (O39)
[MD5.00000000000000000000000000000000] [APT] [{CBB46976-4DF4-4B06-849A-816E4A92C33C}] (...) -- E:\Installer.exe (.not file.) [0]
~ Scheduled Task: 20 Legitimates Filtered in 00mn 01s

---\\ Logiciels installés (O42)
O42 - Logiciel: Comptes First - (...) [HKCU][64Bits] -- COMPTES FIRST
O42 - Logiciel: LimeWire 5.4.8 - (.Lime Wire, LLC.) [HKLM][64Bits] -- LimeWire
O42 - Logiciel: Yahoo! Toolbar - (...) [HKLM][64Bits] -- Yahoo! Companion
~ Logic: 197 Legitimates Filtered in 00mn 00s

---\\ HKCU & HKLM Software Keys
[HKCU\Software\IncrediMail]
[HKCU\Software\MBE CONCEPT]
[HKCU\Software\Mbe Concept©]
[HKCU\Software\Yahoo]
[HKLM\Software\Wow6432Node\AMJ]
[HKLM\Software\Wow6432Node\Yahoo]
~ Key Software: 263 Legitimates Filtered in 00mn 00s

---\\ Contenu des dossiers Programs/ProgramFiles/ProgramData/AppData (O43)
O43 - CFD: 07/03/2010 - 21:06:06 - [58,150] ----D C:\Program Files (x86)\LimeWire
O43 - CFD: 02/08/2010 - 12:32:28 - [7,777] ----D C:\Program Files (x86)\Yahoo!
O43 - CFD: 25/10/2009 - 09:09:02 - [0] ----D C:\ProgramData\IM
O43 - CFD: 25/10/2009 - 09:08:32 - [0,428] ----D C:\ProgramData\IncrediMail
O43 - CFD: 02/08/2010 - 12:32:28 - [0,005] ----D C:\ProgramData\Yahoo!
O43 - CFD: 09/11/2010 - 13:06:45 - [6,585] ----D C:\ProgramData\{B3C2C1CD-6B77-4A96-B670-F734AC2A1CBC}
O43 - CFD: 21/07/2010 - 18:02:25 - [0] ----D C:\Users\GEORGIA\AppData\Roaming\LimeWire
O43 - CFD: 19/11/2009 - 14:27:07 - [0,016] ----D C:\Users\GEORGIA\AppData\Roaming\Yahoo!
O43 - CFD: 28/11/2009 - 23:06:46 - [-1105,197] ----D C:\Users\GEORGIA\AppData\Local\IM
O43 - CFD: 09/08/2010 - 18:27:27 - [0] ----D C:\Users\GEORGIA\AppData\Local\Yahoo
O43 - CFD: 07/03/2010 - 21:06:06 - [0] ----D C:\Users\GEORGIA\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\LimeWire
~ Program Folder: 251 Legitimates Filtered in 00mn 26s

---\\ Derniers fichiers modifiés ou crées sous Windows et System32 (O44)
O44 - LFC:[MD5.674963C3B4714A89BE4DF8C01788D0F7] - 04/10/2013 - 07:29:44 ---A- . (...) -- C:\FINIS_IT.TXT [375]
~ Files: 5 Legitimates Filtered in 00mn 01s

---\\ Derniers fichiers créés dans Windows Prefetcher (O45)
O45 - LFCP:[MD5.AC375F45E4F39161854E058A2CB79808] - 07/10/2013 - 15:46:48 ---A- - C:\Windows\Prefetch\HPQPPROP.EXE-DB573EDD.pf
O45 - LFCP:[MD5.19E21A7A458D5981638CA631BD645438] - 07/10/2013 - 15:46:48 ---A- - C:\Windows\Prefetch\HPQTBX01.EXE-E1B8EF3B.pf
~ Prefetcher: 47 Legitimates Filtered in 00mn 00s

---\\ Enumération des clés de registre PoliciesSystem (MWPS) (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
~ MWPS: 21 Legitimates Filtered in 00mn 00s

---\\ Liste des pilotes du système (SDL) (O58)
O58 - SDL:[MD5.40014A6251A68D1EC48001B1653CCEE0] - 21/01/2008 - 03:47:30 ---A- . (...) -- C:\Windows\System32\Drivers\bdasup.sys [15616]
O58 - SDL:[MD5.99FB9675904D92C18B2840A6467DD4A1] - 04/10/2010 - 19:30:22 ---A- . (...) -- C:\Windows\SysWOW64\drivers\fsbts.sys [41624]
~ Drivers: 21 Legitimates Filtered in 00mn 00s

---\\ Derniers fichiers modifiés ou crées (Utilisateur) (O61)
O61 - LFC: 09/10/2013 - 10:53:54 ---A- . (...) -- C:\Users\GEORGIA\AppData\Roaming\ZHP\HOSTS.txt [741] =>.Nicolas Coolman
O61 - LFC: 09/10/2013 - 10:53:54 ---A- . (...) -- C:\Users\GEORGIA\AppData\Roaming\ZHP\Log.txt [159756] =>.Nicolas Coolman
O61 - LFC: 09/10/2013 - 10:53:54 ---A- . (...) -- C:\Users\GEORGIA\AppData\Roaming\ZHP\TestsZHPDiag.txt [2932] =>.Nicolas Coolman
O61 - LFC: 09/10/2013 - 10:53:54 ---A- . (...) -- C:\Users\GEORGIA\AppData\Roaming\ZHP\ZHPADSReport.txt [351] =>.Nicolas Coolman
O61 - LFC: 09/10/2013 - 10:53:54 ---A- . (...) -- C:\Users\GEORGIA\AppData\Roaming\ZHP\ZHPDiag.txt [48318] =>.Nicolas Coolman
O61 - LFC: 09/10/2013 - 10:53:55 ---A- . (...) -- C:\Users\GEORGIA\Downloads\adwcleaner-3.006.exe [1045226]
~ 5 Fichiers temporaires (Temporary files)
~ Files: 33 Legitimates Filtered in 00mn 27s

---\\ Liste des outils de désinfection (LATC) (O63)
O63 - Logiciel: ZHPDiag 2013 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 =>.Nicolas Coolman
~ ADS: Scanned in 00mn 00s

---\\ Liste les services legacy du registre (LALS) (O64)
O64 - Services: CurCS - 09/11/2008 - C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe (YahooAUService) .(.Yahoo! Inc. - AutoUpater Service Module.) - LEGACY_YAHOOAUSERVICE
~ Legacy: 91 Legitimates Filtered in 00mn 00s

---\\ Associations Shell Spawning (O67)
O67 - Shell Spawning: <.html> <ChromeHTML>[HKCU\..\open\Command] (.Not Key.)
~ FASS Keys: 19 Legitimates Filtered in 00mn 00s

---\\ Menu de démarrage Internet (SMI) (O68)
O68 - StartMenuInternet: <IEXPLORE.EXE> <Internet Explorer>[HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
~ Keys: Scanned in 00mn 00s

---\\ Recherche d'infection sur les navigateurs internet (SBI) (O69)
O69 - SBI: SearchScopes [HKCU] {101D7715-F4F6-4330-AF29-F4B7C1390BF1} [DefaultScope] - (RueDuCommerce) - http://widgets.rueducommerce.fr
O69 - SBI: SearchScopes [HKCU] {105E99FF-8B9A-4492-B155-06194B9056D2} - (Bing) - https://www.bing.com/?toHttps=1&redig=69DA0EF8272048D9864AF4DB37211DE8
O69 - SBI: SearchScopes [HKCU] {316C26D3-82FB-402E-887E-2179EBBCCEC3} - (Yahoo!) - https://fr.search.yahoo.com/
O69 - SBI: SearchScopes [HKCU] {4CC44241-54EF-439E-9371-7073678D9D6C} - (AlloCine) - https://www.allocine.fr/
O69 - SBI: SearchScopes [HKCU] {6A1806CD-94D4-4689-BA73-E35EA1EA9990} - (Google) - https://www.google.com/?gws_rd=ssl
O69 - SBI: SearchScopes [HKCU] {814C76CB-2623-43F4-AAD0-58A0E5190A20} - (Orange) - http://r.orange.fr
O69 - SBI: SearchScopes [HKCU] {DECA3892-BA8F-44b8-A993-A466AD694AE4} - (Yahoo! Search) - https://fr.search.yahoo.com/
O69 - SBI: SearchScopes [HKCU] {F5A68249-B787-4957-804D-C300E5DD2C90} - (Yahoo!) - https://search.yahoo.com/
O69 - SBI: SearchScopes [HKUS\.DEFAULT] {814C76CB-2623-43F4-AAD0-58A0E5190A20} - (Orange) - http://rws.search.ke.voila.fr
O69 - SBI: SearchScopes [HKUS\S-1-5-18] {814C76CB-2623-43F4-AAD0-58A0E5190A20} - (Orange) - http://rws.search.ke.voila.fr
~ Keys: Scanned in 00mn 00s

---\\ Recherche particulière à la racine du système (SPRF) (O84)
[MD5.3A6F50F23E39CC856E04789DB954316B] [SPRF][14/09/2013] (...) -- C:\Users\GEORGIA\AppData\Local\d3d9caps.dat [7512]
[MD5.C967793B287114BD84F390CC9AE6E841] [SPRF][20/10/2012] (...) -- C:\Users\GEORGIA\AppData\Local\d3d9caps64.dat [1460]
[MD5.F3C37E60733738EE1B5B85D02AE60B6B] [SPRF][07/10/2013] (...) -- C:\Users\GEORGIA\AppData\Local\Temp\defaultCache.reg [81526]
[MD5.9182C3ECAB695D72C5937499705D68FB] [SPRF][01/10/2013] (...) -- C:\Users\GEORGIA\AppData\Local\Temp\Quarantine.exe [344601]
[MD5.3BF53B05F1D86595A8E47A6091DEA69A] [SPRF][05/10/2013] (...) -- C:\Users\GEORGIA\Desktop\RogueKiller.exe [950272]
~ Files: 10 Legitimates Filtered in 00mn 00s

---\\ Liste des exceptions du parefeu (FirewallRules) (O87)
O87 - FAEL: "{571F7AE2-8957-4D0A-86E2-7723E40A271F}" |In - Private - P6 - FALSE | .(...) -- C:\Users\GEORGIA\AppData\Local\Temp\ImInstaller\3d_magic_installer.exe (.not file.)
O87 - FAEL: "{C7E05AAC-23CF-4477-8CA5-72ADC317AD4F}" |In - Private - P17 - FALSE | .(...) -- C:\Users\GEORGIA\AppData\Local\Temp\ImInstaller\3d_magic_installer.exe (.not file.)
O87 - FAEL: "{5B61DCF6-C61C-442E-AB09-BFC30811CCE1}" |In - Private - P6 - FALSE | .(...) -- C:\Users\GEORGIA\AppData\Local\Temp\ImInstaller\incredimail_installer.exe (.not file.)
O87 - FAEL: "{26D0D045-C913-42A2-B8F0-BF5129D83DA8}" |In - Private - P17 - FALSE | .(...) -- C:\Users\GEORGIA\AppData\Local\Temp\ImInstaller\incredimail_installer.exe (.not file.)
O87 - FAEL: "{7EC9F9CA-A7B7-40C8-8FA4-5EB4BBA5F57C}" |In - Private - P6 - FALSE | .(...) -- C:\Program Files (x86)\IncrediMail\Bin\ImpCnt.exe (.not file.)
O87 - FAEL: "{168899D2-30AD-4B61-861D-1B45AD8D289C}" |In - Private - P6 - FALSE | .(...) -- C:\Program Files (x86)\IncrediMail\Bin\ImpCnt.exe (.not file.)
O87 - FAEL: "{3F8E35E2-C74C-42B8-8529-028D7589789B}" |In - Private - P6 - FALSE | .(...) -- C:\Program Files (x86)\IncrediMail\Bin\ImpCnt.exe (.not file.)
O87 - FAEL: "{321AE78C-73CB-494B-AE15-1369BFE3E4AB}" |In - Private - P17 - FALSE | .(...) -- C:\Program Files (x86)\IncrediMail\Bin\ImpCnt.exe (.not file.)
O87 - FAEL: "{FBD8B6CC-D5E3-41EF-B121-DB8445A81223}" |In - Private - P17 - FALSE | .(...) -- C:\Program Files (x86)\IncrediMail\Bin\ImpCnt.exe (.not file.)
O87 - FAEL: "{B26F7032-FCD8-4091-96AF-6D21A6228A15}" |In - Private - P17 - FALSE | .(...) -- C:\Program Files (x86)\IncrediMail\Bin\ImpCnt.exe (.not file.)
O87 - FAEL: "{2618B8F3-FD76-4658-824B-39E508F63311}" |In - Private - P6 - FALSE | .(...) -- C:\Program Files (x86)\IncrediMail\Bin\ImpCnt.exe (.not file.)
O87 - FAEL: "{1793F58A-13F9-4F3B-AD8D-C12171C86896}" |In - Private - P17 - FALSE | .(...) -- C:\Program Files (x86)\IncrediMail\Bin\ImpCnt.exe (.not file.)
O87 - FAEL: "{FF701B0D-C474-49E5-A8C0-46D736A6B66A}" |In - Private - P6 - FALSE | .(...) -- C:\Program Files (x86)\IncrediMail\Bin\IncMail.exe (.not file.)
O87 - FAEL: "{2943427C-4726-4319-BE5C-0C0E72BD5384}" |In - Private - P17 - FALSE | .(...) -- C:\Program Files (x86)\IncrediMail\Bin\IncMail.exe (.not file.)
O87 - FAEL: "{40FF6259-2852-4844-91C4-7D65DC214B98}" |In - Private - P6 - FALSE | .(...) -- C:\Program Files (x86)\IncrediMail\Bin\ImApp.exe (.not file.)
O87 - FAEL: "{C36B8D99-D1B9-4EF8-B096-DB6B74C2A2AA}" |In - Private - P17 - FALSE | .(...) -- C:\Program Files (x86)\IncrediMail\Bin\ImApp.exe (.not file.)
O87 - FAEL: "{32C924A0-0D18-4C44-8857-31A03B2636C0}" |In - Public - P6 - FALSE | .(...) -- C:\Program Files (x86)\IncrediMail\Bin\ImpCnt.exe (.not file.)
O87 - FAEL: "{E74F9B4D-ABD8-43A9-B4F6-FD13BAA4FE51}" |In - Public - P6 - FALSE | .(...) -- C:\Program Files (x86)\IncrediMail\Bin\ImpCnt.exe (.not file.)
O87 - FAEL: "{19E1E1F8-D3DB-422A-B7DD-D33001B29AB1}" |In - Public - P17 - FALSE | .(...) -- C:\Program Files (x86)\IncrediMail\Bin\ImpCnt.exe (.not file.)
O87 - FAEL: "{41096019-7ECD-4AEE-AA27-2B6D5C4885AD}" |In - Public - P6 - FALSE | .(...) -- C:\Program Files (x86)\IncrediMail\Bin\ImpCnt.exe (.not file.)
O87 - FAEL: "{B98EF6BD-F140-4A89-A6E7-C6CF1DA2D97A}" |In - Public - P17 - FALSE | .(...) -- C:\Program Files (x86)\IncrediMail\Bin\ImpCnt.exe (.not file.)
O87 - FAEL: "{E9B404FD-81BB-4E2C-872D-B75485BB914A}" |In - Public - P17 - FALSE | .(...) -- C:\Program Files (x86)\IncrediMail\Bin\ImpCnt.exe (.not file.)
O87 - FAEL: "{4826032B-4AE1-47D1-B7C7-F115F96BFDF3}" |In - Public - P6 - FALSE | .(...) -- C:\Program Files (x86)\IncrediMail\Bin\IncMail.exe (.not file.)
O87 - FAEL: "{B02671C8-344A-4C69-8D46-AE8DD59DC29E}" |In - Public - P17 - FALSE | .(...) -- C:\Program Files (x86)\IncrediMail\Bin\IncMail.exe (.not file.)
O87 - FAEL: "{EABF76A9-D3B9-4D5B-97A6-A186FC6755CC}" |In - Public - P6 - FALSE | .(...) -- C:\Program Files (x86)\IncrediMail\Bin\ImApp.exe (.not file.)
O87 - FAEL: "{6367DBD6-0E20-4E9A-AE2E-DCE0D2ABCD58}" |In - Public - P17 - FALSE | .(...) -- C:\Program Files (x86)\IncrediMail\Bin\ImApp.exe (.not file.)
O87 - FAEL: "{B024FBCD-6F5C-4D04-B769-23E3ADC2CC3D}" |In - Public - P6 - TRUE | .(...) -- C:\Users\GEORGIA\AppData\Local\Temp\7zS1812\HPDiagnosticCoreUI.exe (.not file.)
O87 - FAEL: "{51918873-D5D5-4CA8-9365-757182FE59CE}" |In - Public - P17 - TRUE | .(...) -- C:\Users\GEORGIA\AppData\Local\Temp\7zS1812\HPDiagnosticCoreUI.exe (.not file.)
~ Firewall: 284 Legitimates Filtered in 00mn 01s

---\\ Enumère les codes produits des logiciels (PUC) (O90)
O90 - PUC: "532E1E0054BA59641A6570138149E94D" . (.HiYo.) -- C:\Windows\Installer\{00E1E235-AB45-4695-A156-073118949ED4}\ARPPRODUCTICON.exe
O90 - PUC: "A28B4D68DEBAA244EB686953B7074FEF" . (.LimeWire Toolbar.) -- C:\Program Files (x86)\Ask.com\cobrand.ico
O90 - PUC: "E17A8F77515323848B2BF2E1BD2D0E1F" . (.Bing Bar.) -- C:\Windows\Installer\{77F8A71E-3515-4832-B8B2-2F1EDBD2E0F1}\icon_installer_ico =>Toolbar.Bing
~ Update Products: 218 Legitimates Filtered in 00mn 00s

---\\ Recherche des packages WindowsInstaller (WIS) (O93) (NTFS)
[MD5.5FBB07C2A85C08DBCE283EC9E6B0EDFA] [WIS][31/08/2010] (.Nom de votre société - PhotoMail Maker.) -- C:\Windows\Installer\26c20e.msi [1152512]
[MD5.2B59612AC41F3493AB9B57283B27453C] [WIS][05/01/2012] (.DeviceManagementQFolder - DeviceManagementQFolder.) -- C:\Windows\Installer\28fc750.msi [121344]
[MD5.E4D71E66245D3447E72064F1953316F8] [WIS][05/01/2012] (.eSupportQFolder - eSupportQFolder.) -- C:\Windows\Installer\28fc773.msi [121344]
[MD5.51A75DCF23A86D66A948075F2D08B5A0] [WIS][05/01/2012] (.CustomerResearchQFolder - CustomerResearchQFolder.) -- C:\Windows\Installer\28fc78f.msi [121344]
[MD5.1962733897391FB0FB19B6823BDC3F9B] [WIS][05/01/2012] (.DocumentViewerQFolder - DocumentViewerQFolder.) -- C:\Windows\Installer\28fc7a7.msi [121344]
[MD5.B8BC80C285980B0773628AA0E5BCD09A] [WIS][23/08/2010] (.Micro Application - LauncherMA.) -- C:\Windows\Installer\438d450.msi [348160]
~ WIS: 223 Legitimates Filtered in 00mn 08s

---\\ Etat général des services not Microsoft (EGS) (SR=Running, SS=Stopped)
SR - | Auto 10/05/2013 65640 | (AdobeARMservice) . (.Adobe Systems Incorporated.) - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
SS - | Demand 19/09/2013 257416 | (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
SR - | Auto 07/09/2013 55624 | (Apple Mobile Device) . (.Apple Inc..) - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
SR - | Auto 27/01/2009 949248 | (Ati External Event Utility) . (.ATI Technologies Inc..) - C:\Windows\System32\Ati2evxx.exe
SS - | Demand 28/02/2011 183560 | (BBSvc) . (.Microsoft Corporation..) - C:\Program Files (x86)\Microsoft\BingBar\BBSvc.exe
SR - | Auto 30/08/2011 462184 | (Bonjour Service) . (.Apple Inc..) - C:\Program Files\Bonjour\mDNSResponder.exe
SR - | Auto 21/01/2008 27648 | C:\Windows\System32\ezsvc7.dll (ezSharedSvc) . (.EasyBits Sofware AS.) - C:\Windows\System32\svchost.exe
SS - | Demand 09/12/2008 242424 | (GameConsoleService) . (.WildTangent, Inc..) - C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe
SS - | Auto 28/11/2009 133104 | (gupdate) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
SS - | Demand 28/11/2009 133104 | (gupdatem) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
SS - | Demand 21/08/2012 194032 | (gusvc) . (.Google.) - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
SR - | Auto 04/12/2008 94208 | (HP Health Check Service) . (.Hewlett-Packard.) - c:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
SR - | Demand 21/01/2008 27648 | C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll (hpqcxs08) . (.Hewlett-Packard Co..) - C:\Windows\System32\svchost.exe
SR - | Auto 21/01/2008 27648 | C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll (hpqddsvc) . (.Hewlett-Packard Co..) - C:\Windows\System32\svchost.exe
SR - | Auto 04/12/2008 354840 | (IAANTMON) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
SR - | Demand 17/09/2013 641352 | (iPod Service) . (.Apple Inc..) - C:\Program Files\iPod\bin\iPodService.exe
SR - | Auto 17/03/2009 73728 | (LightScribeService) . (.Hewlett-Packard Company.) - c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
SS - | Demand 04/05/2010 503080 | (NAUpdate) . (.Nero AG.) - C:\Program Files (x86)\Nero\Update\NASvc.exe
SR - | Auto 21/01/2008 27648 | C:\Windows\system32\HPZinw12.dll (Net Driver HPZ12) . (.Hewlett-Packard.) - C:\Windows\System32\svchost.exe
SS - | Auto 29/08/2013 1073160 | (Orange update Core Service) . (.Orange SA.) - C:\Program Files (x86)\Orange\OrangeUpdate\Service\OUCore.exe
SS - | Demand 02/02/2009 23536 | (PCDSRVC{F36B3A4C-F95654BD-06000000}_0) . (.PC-Doctor, Inc..) - c:\program files\pc-doctor for windows\pcdsrvc_x64.pkms
SR - | Auto 21/01/2008 27648 | C:\Windows\system32\HPZipm12.dll (Pml Driver HPZ12) . (.Hewlett-Packard.) - C:\Windows\System32\svchost.exe
SR - | Auto 25/02/2011 249648 | (SeaPort) . (.Microsoft Corporation.) - C:\Program Files (x86)\Microsoft\BingBar\SeaPort.exe
SS - | Demand 04/01/2012 718888 | (ServiceLayer) . (.Nokia.) - C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe
SR - | Auto 02/10/2012 3064000 | (Skype C2C Service) . (.Skype Technologies S.A..) - C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
SS - | Auto 03/06/2013 162408 | (SkypeUpdate) . (.Skype Technologies.) - C:\Program Files (x86)\Skype\Updater\Updater.exe
SS - | Auto 10/07/1658 0 | (Util BrowseFox) . (...) - C:\Program Files (x86)\BrowseFox\bin\utilBrowseFox.exe =>Adware.BrowseFox
SS - | Auto 21/01/2008 27648 | C:\Program Files (x86)\Windows Defender\mpsvc.dll (WinDefend) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
SS - | Demand 10/07/1658 0 | (WMPNetworkSvc) . (...) - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe =>.Microsoft Corporation
SR - | Auto 21/01/2008 27648 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
SS - | Demand 09/11/2008 602392 | (YahooAUService) . (.Yahoo! Inc..) - C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
~ Services: Scanned in 00mn 09s

---\\ Recherche d'infection sur le Master Boot Record (MBR)(O80)
Run by GEORGIA at 09/10/2013 10:55:02
~ OS 64 not supported by MBR tool
~ MBR: 0 Legitimates Filtered in 00mn 00s

---\\ Recherche d'infection sur le Master Boot Record (MBRCheck)(O80)
Written by ad13, http://ad13.geekstog
Run by GEORGIA at 09/10/2013 10:55:04

********* Dump file Name *********
C:\PhysicalDisk0_MBR.bin
~ MBR: Scanned in 00mn 02s

---\\ Scan Additionnel (O88)
Database Version : 12943 - (08/10/2013)
Clés trouvées (Keys found) : 29
Valeurs trouvées (Values found) : 2
Dossiers trouvés (Folders found) : 0
Fichiers trouvés (Files found) : 5

[HKLM\Software\Google\Chrome\Extensions\amfclgbdpgndipgoegfpkkgobahigbcl] =>Hijacker.SmartBar^
[HKLM\SYSTEM\CurrentControlSet\Services\Util BrowseFox] =>Adware.BrowseFox^
[HKLM\Software\Classes\TypeLib\{13b1a411-66d8-49ac-bbc6-0102f0918aed}] =>PUP.Eorezo
[HKLM\Software\Classes\TypeLib\{15d9ca76-f712-4548-b2a5-c67cd47ac47a}] =>PUP.Eorezo
[HKLM\Software\Classes\AppID\{584e8107-e34a-493a-a015-06e3841482be}] =>PUP.Eorezo
[HKLM\Software\Wow6432Node\Classes\AppID\{584e8107-e34a-493a-a015-06e3841482be}] =>PUP.Eorezo
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{6ec85fcf-87ad-41d7-ae1f-f116f8ad4848}] =>Toolbar.Agent
[HKLM\Software\Microsoft\Internet Explorer\extensions\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}] =>Toolbar.Skype
[HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{A047FE02-C91C-41CB-898C-4ED21B86025A}] =>Toolbar.Orange
[HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{A047FE02-C91C-41CB-898C-4ED21B86025A}] =>Toolbar.Orange
[HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{DECA3892-BA8F-44b8-A993-A466AD694AE4}] =>Adware.Bandoo
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\261F213D1F55267499B1F87D0CC3BCF7] =>Toolbar.Ask
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\741B4ADF27276464790022C965AB6DA8] =>Toolbar.Ask
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7DE196B10195F5647A2B21B761F3DE01] =>Toolbar.Ask
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\9D4F5849367142E4685ED8C25E44C5ED] =>Toolbar.Ask
[HKLM\Software\Classes\Installer\Features\A28B4D68DEBAA244EB686953B7074FEF] =>Toolbar.AVGSearch
[HKLM\Software\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF] =>Toolbar.AVGSearch
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF] =>Toolbar.AVGSearch
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A5875B04372C19545BEB90D4D606C472] =>Toolbar.Ask
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A876D9E80B896EC44A8620248CC79296] =>Toolbar.Ask
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B66FFAB725B92594C986DE826A867888] =>Toolbar.Ask
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\F928123A039649549966D4C29D35B1C9] =>Adware.MyWebSearch
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\29799DE249E7DBC459FC6C8F07EB8375] =>PUP.Tarma
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0238BBE24EA3A70408B81E4BB89C15E5] =>PUP.Tarma
[HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Yahoo! Companion] =>Toolbar.Yahoo
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\464AA55239C100F32AF2D438EDDC0F47] =>Adware.IMBooster
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\5652BA3D5FB98AE31B337BF0AF939856] =>Adware.IMBooster
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\86EB95E1AFCBABE3DB9ECCC669B99494] =>Adware.IMBooster
[HKLM\Software\Wow6432Node\Canneverbe Limited\OpenCandy] =>Adware.OpenCandy
[HKLM\Software\Microsoft\Internet Explorer\Toolbar]:{2318C2B1-4965-11d4-9B18-009027A5CD4F} =>Toolbar.Google^
[HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]:swg =>Toolbar.Google^
C:\Users\GEORGIA\AppData\Local\Google\Chrome\User Data\Default\Extensions\amfclgbdpgndipgoegfpkkgobahigbcl =>Hijacker.SmartBar^
C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll =>Toolbar.Google^
C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe =>Toolbar.Google^
C:\Windows\Installer\{77F8A71E-3515-4832-B8B2-2F1EDBD2E0F1}\icon_installer_ico =>Toolbar.Bing^
C:\Program Files (x86)\BrowseFox\bin\utilBrowseFox.exe =>Adware.BrowseFox^
~ Additionnel Scan: 444539 Items scanned in 00mn 28s

---\\ Récapitulatif des détections trouvées sur votre station
~ http://nicolascoolman.webs.com/apps/blog/show/26990375-hijacker-smartbar =>Hijacker.SmartBar
~ http://nicolascoolman.webs.com/apps/blog/show/32384220-toolbar-google =>Toolbar.Google
~ http://nicolascoolman.webs.com/apps/blog/show/32363262-adware-browsefox =>Adware.BrowseFox
~ http://nicolascoolman.webs.com/apps/blog/show/31536787-toolbar-bing =>Toolbar.Bing
~ http://nicolascoolman.webs.com/apps/blog/show/27469224-pup-eorezo =>PUP.EoRezo
~ http://nicolascoolman.webs.com/apps/blog/show/30898245-toolbar-skype =>Toolbar.Skype
~ http://nicolascoolman.webs.com/apps/blog/show/26611092-adware-bandoo =>Adware.Bandoo
~ http://nicolascoolman.webs.com/apps/blog/show/28927746-toolbar-ask =>Toolbar.Ask
~ http://nicolascoolman.webs.com/apps/blog/show/27146838-adware-mywebsearch =>Adware.MyWebSearch
~ http://nicolascoolman.webs.com/apps/blog/show/29637859-toolbar-tarma =>PUP.Tarma
~ http://nicolascoolman.webs.com/apps/blog/show/30268689-toolbar-yahoo =>Toolbar.Yahoo
~ http://nicolascoolman.webs.com/apps/blog/show/26684723-adware-imbooster =>Adware.IMBooster
~ http://nicolascoolman.webs.com/apps/blog/show/26770694-adware-opencandy =>Adware.OpenCandy
~ MSI: 13 link(s) detected in 00mn 28s

~ 1461 Legitimates filtered by white list
End of the scan (589 lines in 03mn 10s)(0)

Réponse 27 / 28

lilidurhone Messages postés 43347 Date d'inscription lundi 25 avril 2011 Statut Contributeur sécurité Dernière intervention 31 octobre 2024 3 807
9 oct. 2013 à 20:35

Attention script personnalisé à ne pas reproduire sur un autre ordinateur risque de plantage !

* Copies uniquement les lignes indiquées en gras ci-dessous dans le presse papier soit le bloc note(tu surlignes avec la souris puis clic droit copier de Script ZHPFix jusqu'à la fin soit Emptytemp)

Script ZHPFix
G0 - GCSP: Preference [User Data\Default][HomePage] https://search.safefinder.com/?q= =>Hijacker.SmartBar
G0 - GCSP: Preference [User Data\Default] https://search.safefinder.com/?q= =>Hijacker.SmartBar
G2 - GCE: Preference [User Data\Default] [amfclgbdpgndipgoegfpkkgobahigbcl] Snap.Do v.1.4, (Activé) =>Hijacker.SmartBar
O4 - GS\QuickLaunch [GEORGIA]: Meteo en France.lnk - Clé orpheline
O4 - GS\QuickLaunch [GEORGIA]: Meteo.lnk - Clé orpheline
O4 - GS\QuickLaunch [GEORGIA]: Uniblue RegistryBooster.lnk . (.Uniblue Systems Limited - Uniblue Launcher.) -- C:\Program Files (x86)\Uniblue\RegistryBooster\Launcher.exe
O23 - Service: Util BrowseFox (Util BrowseFox) . (...) - C:\Program Files (x86)\BrowseFox\bin\utilBrowseFox.exe (.not file.) =>Adware.BrowseFox
[MD5.00000000000000000000000000000000] [APT] [{CBB46976-4DF4-4B06-849A-816E4A92C33C}] (...) -- E:\Installer.exe (.not file.) [0]
O42 - Logiciel: Yahoo! Toolbar - (...) [HKLM][64Bits] -- Yahoo! Companion
[HKCU\Software\Yahoo]
[HKCU\Software\IncrediMail]
[HKLM\Software\Wow6432Node\Yahoo]
O43 - CFD: 02/08/2010 - 12:32:28 - [7,777] ----D C:\Program Files (x86)\Yahoo!
O43 - CFD: 25/10/2009 - 09:09:02 - [0] ----D C:\ProgramData\IM
O43 - CFD: 25/10/2009 - 09:08:32 - [0,428] ----D C:\ProgramData\IncrediMail
O43 - CFD: 02/08/2010 - 12:32:28 - [0,005] ----D C:\ProgramData\Yahoo!
O43 - CFD: 19/11/2009 - 14:27:07 - [0,016] ----D C:\Users\GEORGIA\AppData\Roaming\Yahoo!
O43 - CFD: 28/11/2009 - 23:06:46 - [-1105,197] ----D C:\Users\GEORGIA\AppData\Local\IM
O43 - CFD: 09/08/2010 - 18:27:27 - [0] ----D C:\Users\GEORGIA\AppData\Local\Yahoo
O64 - Services: CurCS - 09/11/2008 - C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe (YahooAUService) .(.Yahoo! Inc. - AutoUpater Service Module.) - LEGACY_YAHOOAUSERVICE
O87 - FAEL: "{571F7AE2-8957-4D0A-86E2-7723E40A271F}" |In - Private - P6 - FALSE | .(...) -- C:\Users\GEORGIA\AppData\Local\Temp\ImInstaller\3d_magic_installer.exe (.not file.)
O87 - FAEL: "{C7E05AAC-23CF-4477-8CA5-72ADC317AD4F}" |In - Private - P17 - FALSE | .(...) -- C:\Users\GEORGIA\AppData\Local\Temp\ImInstaller\3d_magic_installer.exe (.not file.)
O87 - FAEL: "{5B61DCF6-C61C-442E-AB09-BFC30811CCE1}" |In - Private - P6 - FALSE | .(...) -- C:\Users\GEORGIA\AppData\Local\Temp\ImInstaller\incredimail_installer.exe (.not file.)
O87 - FAEL: "{26D0D045-C913-42A2-B8F0-BF5129D83DA8}" |In - Private - P17 - FALSE | .(...) -- C:\Users\GEORGIA\AppData\Local\Temp\ImInstaller\incredimail_installer.exe (.not file.)
O87 - FAEL: "{7EC9F9CA-A7B7-40C8-8FA4-5EB4BBA5F57C}" |In - Private - P6 - FALSE | .(...) -- C:\Program Files (x86)\IncrediMail\Bin\ImpCnt.exe (.not file.)
O87 - FAEL: "{168899D2-30AD-4B61-861D-1B45AD8D289C}" |In - Private - P6 - FALSE | .(...) -- C:\Program Files (x86)\IncrediMail\Bin\ImpCnt.exe (.not file.)
O87 - FAEL: "{3F8E35E2-C74C-42B8-8529-028D7589789B}" |In - Private - P6 - FALSE | .(...) -- C:\Program Files (x86)\IncrediMail\Bin\ImpCnt.exe (.not file.)
O87 - FAEL: "{321AE78C-73CB-494B-AE15-1369BFE3E4AB}" |In - Private - P17 - FALSE | .(...) -- C:\Program Files (x86)\IncrediMail\Bin\ImpCnt.exe (.not file.)
O87 - FAEL: "{FBD8B6CC-D5E3-41EF-B121-DB8445A81223}" |In - Private - P17 - FALSE | .(...) -- C:\Program Files (x86)\IncrediMail\Bin\ImpCnt.exe (.not file.)
O87 - FAEL: "{B26F7032-FCD8-4091-96AF-6D21A6228A15}" |In - Private - P17 - FALSE | .(...) -- C:\Program Files (x86)\IncrediMail\Bin\ImpCnt.exe (.not file.)
O87 - FAEL: "{2618B8F3-FD76-4658-824B-39E508F63311}" |In - Private - P6 - FALSE | .(...) -- C:\Program Files (x86)\IncrediMail\Bin\ImpCnt.exe (.not file.)
O87 - FAEL: "{1793F58A-13F9-4F3B-AD8D-C12171C86896}" |In - Private - P17 - FALSE | .(...) -- C:\Program Files (x86)\IncrediMail\Bin\ImpCnt.exe (.not file.)
O87 - FAEL: "{FF701B0D-C474-49E5-A8C0-46D736A6B66A}" |In - Private - P6 - FALSE | .(...) -- C:\Program Files (x86)\IncrediMail\Bin\IncMail.exe (.not file.)
O87 - FAEL: "{2943427C-4726-4319-BE5C-0C0E72BD5384}" |In - Private - P17 - FALSE | .(...) -- C:\Program Files (x86)\IncrediMail\Bin\IncMail.exe (.not file.)
O87 - FAEL: "{40FF6259-2852-4844-91C4-7D65DC214B98}" |In - Private - P6 - FALSE | .(...) -- C:\Program Files (x86)\IncrediMail\Bin\ImApp.exe (.not file.)
O87 - FAEL: "{C36B8D99-D1B9-4EF8-B096-DB6B74C2A2AA}" |In - Private - P17 - FALSE | .(...) -- C:\Program Files (x86)\IncrediMail\Bin\ImApp.exe (.not file.)
O87 - FAEL: "{32C924A0-0D18-4C44-8857-31A03B2636C0}" |In - Public - P6 - FALSE | .(...) -- C:\Program Files (x86)\IncrediMail\Bin\ImpCnt.exe (.not file.)
O87 - FAEL: "{E74F9B4D-ABD8-43A9-B4F6-FD13BAA4FE51}" |In - Public - P6 - FALSE | .(...) -- C:\Program Files (x86)\IncrediMail\Bin\ImpCnt.exe (.not file.)
O87 - FAEL: "{19E1E1F8-D3DB-422A-B7DD-D33001B29AB1}" |In - Public - P17 - FALSE | .(...) -- C:\Program Files (x86)\IncrediMail\Bin\ImpCnt.exe (.not file.)
O87 - FAEL: "{41096019-7ECD-4AEE-AA27-2B6D5C4885AD}" |In - Public - P6 - FALSE | .(...) -- C:\Program Files (x86)\IncrediMail\Bin\ImpCnt.exe (.not file.)
O87 - FAEL: "{B98EF6BD-F140-4A89-A6E7-C6CF1DA2D97A}" |In - Public - P17 - FALSE | .(...) -- C:\Program Files (x86)\IncrediMail\Bin\ImpCnt.exe (.not file.)
O87 - FAEL: "{E9B404FD-81BB-4E2C-872D-B75485BB914A}" |In - Public - P17 - FALSE | .(...) -- C:\Program Files (x86)\IncrediMail\Bin\ImpCnt.exe (.not file.)
O87 - FAEL: "{4826032B-4AE1-47D1-B7C7-F115F96BFDF3}" |In - Public - P6 - FALSE | .(...) -- C:\Program Files (x86)\IncrediMail\Bin\IncMail.exe (.not file.)
O87 - FAEL: "{B02671C8-344A-4C69-8D46-AE8DD59DC29E}" |In - Public - P17 - FALSE | .(...) -- C:\Program Files (x86)\IncrediMail\Bin\IncMail.exe (.not file.)
O87 - FAEL: "{EABF76A9-D3B9-4D5B-97A6-A186FC6755CC}" |In - Public - P6 - FALSE | .(...) -- C:\Program Files (x86)\IncrediMail\Bin\ImApp.exe (.not file.)
O87 - FAEL: "{6367DBD6-0E20-4E9A-AE2E-DCE0D2ABCD58}" |In - Public - P17 - FALSE | .(...) -- C:\Program Files (x86)\IncrediMail\Bin\ImApp.exe (.not file.)
O87 - FAEL: "{B024FBCD-6F5C-4D04-B769-23E3ADC2CC3D}" |In - Public - P6 - TRUE | .(...) -- C:\Users\GEORGIA\AppData\Local\Temp\7zS1812\HPDiagnosticCoreUI.exe (.not file.)
O87 - FAEL: "{51918873-D5D5-4CA8-9365-757182FE59CE}" |In - Public - P17 - TRUE | .(...) -- C:\Users\GEORGIA\AppData\Local\Temp\7zS1812\HPDiagnosticCoreUI.exe (.not file.)
O90 - PUC: "A28B4D68DEBAA244EB686953B7074FEF" . (.LimeWire Toolbar.) -- C:\Program Files (x86)\Ask.com\cobrand.ico
O90 - PUC: "E17A8F77515323848B2BF2E1BD2D0E1F" . (.Bing Bar.) -- C:\Windows\Installer\{77F8A71E-3515-4832-B8B2-2F1EDBD2E0F1}\icon_installer_ico =>Toolbar.Bing
SS - | Demand 09/11/2008 602392 | (YahooAUService) . (.Yahoo! Inc..) - C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
[HKLM\Software\Google\Chrome\Extensions\amfclgbdpgndipgoegfpkkgobahigbcl] =>Hijacker.SmartBar^
[HKLM\SYSTEM\CurrentControlSet\Services\Util BrowseFox] =>Adware.BrowseFox^
[HKLM\Software\Classes\TypeLib\{13b1a411-66d8-49ac-bbc6-0102f0918aed}] =>PUP.Eorezo
[HKLM\Software\Classes\TypeLib\{15d9ca76-f712-4548-b2a5-c67cd47ac47a}] =>PUP.Eorezo
[HKLM\Software\Classes\AppID\{584e8107-e34a-493a-a015-06e3841482be}] =>PUP.Eorezo
[HKLM\Software\Wow6432Node\Classes\AppID\{584e8107-e34a-493a-a015-06e3841482be}] =>PUP.Eorezo
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{6ec85fcf-87ad-41d7-ae1f-f116f8ad4848}] =>Toolbar.Agent
[HKLM\Software\Microsoft\Internet Explorer\extensions\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}] =>Toolbar.Skype
[HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{A047FE02-C91C-41CB-898C-4ED21B86025A}] =>Toolbar.Orange
[HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{A047FE02-C91C-41CB-898C-4ED21B86025A}] =>Toolbar.Orange
[HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{DECA3892-BA8F-44b8-A993-A466AD694AE4}] =>Adware.Bandoo
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\261F213D1F55267499B1F87D0CC3BCF7] =>Toolbar.Ask
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\741B4ADF27276464790022C965AB6DA8] =>Toolbar.Ask
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7DE196B10195F5647A2B21B761F3DE01] =>Toolbar.Ask
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\9D4F5849367142E4685ED8C25E44C5ED] =>Toolbar.Ask
[HKLM\Software\Classes\Installer\Features\A28B4D68DEBAA244EB686953B7074FEF] =>Toolbar.AVGSearch
[HKLM\Software\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF] =>Toolbar.AVGSearch
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF] =>Toolbar.AVGSearch
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A5875B04372C19545BEB90D4D606C472] =>Toolbar.Ask
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A876D9E80B896EC44A8620248CC79296] =>Toolbar.Ask
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B66FFAB725B92594C986DE826A867888] =>Toolbar.Ask
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\F928123A039649549966D4C29D35B1C9] =>Adware.MyWebSearch
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\29799DE249E7DBC459FC6C8F07EB8375] =>PUP.Tarma
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0238BBE24EA3A70408B81E4BB89C15E5] =>PUP.Tarma
[HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Yahoo! Companion] =>Toolbar.Yahoo
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\464AA55239C100F32AF2D438EDDC0F47] =>Adware.IMBooster
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\5652BA3D5FB98AE31B337BF0AF939856] =>Adware.IMBooster
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\86EB95E1AFCBABE3DB9ECCC669B99494] =>Adware.IMBooster
[HKLM\Software\Wow6432Node\Canneverbe Limited\OpenCandy] =>Adware.OpenCandy
[HKLM\Software\Microsoft\Internet Explorer\Toolbar]:{2318C2B1-4965-11d4-9B18-009027A5CD4F} =>Toolbar.Google^
[HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]:swg =>Toolbar.Google^
C:\Users\GEORGIA\AppData\Local\Google\Chrome\User Data\Default\Extensions\amfclgbdpgndipgoegfpkkgobahigbcl =>Hijacker.SmartBar^
C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll =>Toolbar.Google^
C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe =>Toolbar.Google^
C:\Windows\Installer\{77F8A71E-3515-4832-B8B2-2F1EDBD2E0F1}\icon_installer_ico =>Toolbar.Bing^
C:\Program Files (x86)\BrowseFox\bin\utilBrowseFox.exe =>Adware.BrowseFox^
Sysrestore
Emptytemp

* Lance ZHPFix (icône seringue)en tant qu'administrateur(si tu es sous Vista/7/8)sinon double clique sur l'icône en forme de seringue puis clique sur OK pour continuer.

* Cliques sur importer(Dans certains cas le script se colle automatiquement dans la zone de script et ne nécessite pas de cliquer sur le bouton "IMPORTER".)

* Si tu ne vois pas les lignes clic droit dans l'encadré puis coller

* Clique sur le bouton GO pour lancer le nettoyage, et laisse l'outil travailler.

* Zhpfix te proposera de vider la corbeille si tu le souhaites cliques sur oui si tu ne le souhaites pas cliques sur non

* Redémarre le PC et poste le rapport C:\ZHP\ZHPFixReport.txt

hangie Messages postés 36 Date d'inscription vendredi 4 octobre 2013 Statut Membre Dernière intervention 10 octobre 2013
10 oct. 2013 à 09:18

Hello Lilidurhone :)

voici le rapport ZHPFix

Rapport de ZHPFix 2013.10.8.4 par Nicolas Coolman, Update du 08/10/2013
Fichier d'export Registre :
Run by GEORGIA at 10/10/2013 09:04:28
High Elevated Privileges : OK
Windows Vista Home Premium Edition, 64-bit Service Pack 2 (Build 6002)

Corbeille vidée (Annulé par l'utilisateur)

========== Processus mémoire ==========
SUPPRIMÉ: Memory Process: C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

========== Modules mémoire ==========
SUPPRIMÉ: Memory Module: C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll

========== Etat des services ==========
YAHOOAUSERVICE Arrêté

========== Clés du Registre ==========
ERREUR: Service LEGACY_YAHOOAUSERVICE
SUPPRIMÉ: [HKLM\Software\Classes\Installer\Products\\A28B4D68DEBAA244EB686953B7074FEF]
SUPPRIMÉ: [HKLM\Software\Classes\Installer\Features\A28B4D68DEBAA244EB686953B7074FEF]
SUPPRIMÉ: [HKLM\Software\Classes\Installer\Products\\E17A8F77515323848B2BF2E1BD2D0E1F]
SUPPRIMÉ: [HKLM\Software\Classes\Installer\Features\E17A8F77515323848B2BF2E1BD2D0E1F]
SUPPRIMÉ: Service: YahooAUService
SUPPRIMÉ: HKLM\Software\Classes\TypeLib\{13b1a411-66d8-49ac-bbc6-0102f0918aed}
SUPPRIMÉ: HKLM\Software\Classes\TypeLib\{15d9ca76-f712-4548-b2a5-c67cd47ac47a}
SUPPRIMÉ: HKLM\Software\Classes\AppID\{584e8107-e34a-493a-a015-06e3841482be}
SUPPRIMÉ: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{6ec85fcf-87ad-41d7-ae1f-f116f8ad4848}
SUPPRIMÉ:* HKLM\Software\Microsoft\Internet Explorer\extensions\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
SUPPRIMÉ: HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{A047FE02-C91C-41CB-898C-4ED21B86025A}
SUPPRIMÉ: HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{A047FE02-C91C-41CB-898C-4ED21B86025A}
SUPPRIMÉ: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{DECA3892-BA8F-44b8-A993-A466AD694AE4}
SUPPRIMÉ:* HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\261F213D1F55267499B1F87D0CC3BCF7
SUPPRIMÉ:* HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\741B4ADF27276464790022C965AB6DA8
SUPPRIMÉ:* HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7DE196B10195F5647A2B21B761F3DE01
SUPPRIMÉ:* HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\9D4F5849367142E4685ED8C25E44C5ED
SUPPRIMÉ:* HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF
SUPPRIMÉ:* HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A5875B04372C19545BEB90D4D606C472
SUPPRIMÉ:* HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A876D9E80B896EC44A8620248CC79296
SUPPRIMÉ:* HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B66FFAB725B92594C986DE826A867888
SUPPRIMÉ:* HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\F928123A039649549966D4C29D35B1C9
SUPPRIMÉ:* HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\29799DE249E7DBC459FC6C8F07EB8375
SUPPRIMÉ:* HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0238BBE24EA3A70408B81E4BB89C15E5
SUPPRIMÉ:* HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\464AA55239C100F32AF2D438EDDC0F47
SUPPRIMÉ:* HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\5652BA3D5FB98AE31B337BF0AF939856
SUPPRIMÉ:* HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\86EB95E1AFCBABE3DB9ECCC669B99494
SUPPRIMÉ: HKLM\Software\Wow6432Node\Canneverbe Limited\OpenCandy

========== Valeurs du Registre ==========
SUPPRIMÉ: {571F7AE2-8957-4D0A-86E2-7723E40A271F}
SUPPRIMÉ: {C7E05AAC-23CF-4477-8CA5-72ADC317AD4F}
SUPPRIMÉ: {5B61DCF6-C61C-442E-AB09-BFC30811CCE1}
SUPPRIMÉ: {26D0D045-C913-42A2-B8F0-BF5129D83DA8}
SUPPRIMÉ: {7EC9F9CA-A7B7-40C8-8FA4-5EB4BBA5F57C}
SUPPRIMÉ: {168899D2-30AD-4B61-861D-1B45AD8D289C}
SUPPRIMÉ: {3F8E35E2-C74C-42B8-8529-028D7589789B}
SUPPRIMÉ: {321AE78C-73CB-494B-AE15-1369BFE3E4AB}
SUPPRIMÉ: {FBD8B6CC-D5E3-41EF-B121-DB8445A81223}
SUPPRIMÉ: {B26F7032-FCD8-4091-96AF-6D21A6228A15}
SUPPRIMÉ: {2618B8F3-FD76-4658-824B-39E508F63311}
SUPPRIMÉ: {1793F58A-13F9-4F3B-AD8D-C12171C86896}
SUPPRIMÉ: {FF701B0D-C474-49E5-A8C0-46D736A6B66A}
SUPPRIMÉ: {2943427C-4726-4319-BE5C-0C0E72BD5384}
SUPPRIMÉ: {40FF6259-2852-4844-91C4-7D65DC214B98}
SUPPRIMÉ: {C36B8D99-D1B9-4EF8-B096-DB6B74C2A2AA}
SUPPRIMÉ: {32C924A0-0D18-4C44-8857-31A03B2636C0}
SUPPRIMÉ: {E74F9B4D-ABD8-43A9-B4F6-FD13BAA4FE51}
SUPPRIMÉ: {19E1E1F8-D3DB-422A-B7DD-D33001B29AB1}
SUPPRIMÉ: {41096019-7ECD-4AEE-AA27-2B6D5C4885AD}
SUPPRIMÉ: {B98EF6BD-F140-4A89-A6E7-C6CF1DA2D97A}
SUPPRIMÉ: {E9B404FD-81BB-4E2C-872D-B75485BB914A}
SUPPRIMÉ: {4826032B-4AE1-47D1-B7C7-F115F96BFDF3}
SUPPRIMÉ: {B02671C8-344A-4C69-8D46-AE8DD59DC29E}
SUPPRIMÉ: {EABF76A9-D3B9-4D5B-97A6-A186FC6755CC}
SUPPRIMÉ: {6367DBD6-0E20-4E9A-AE2E-DCE0D2ABCD58}
SUPPRIMÉ: {B024FBCD-6F5C-4D04-B769-23E3ADC2CC3D}
SUPPRIMÉ: {51918873-D5D5-4CA8-9365-757182FE59CE}
SUPPRIMÉ [HKLM\Software\Microsoft\Internet Explorer\Toolbar]:{2318C2B1-4965-11d4-9B18-009027A5CD4F}
SUPPRIMÉ [HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]:swg

========== Dossiers ==========
SUPPRIMÉ: C:\Users\GEORGIA\AppData\Local\IM
SUPPRIMÉ: C:\Users\GEORGIA\AppData\Local\Yahoo
SUPPRIME Temporaires Windows

========== Fichiers ==========
SUPPRIMÉ:*** c:\program files (x86)\google\google toolbar\googletoolbar_64.dll
SUPPRIMÉ: C:\Windows\Installer\{77F8A71E-3515-4832-B8B2-2F1EDBD2E0F1}\icon_installer_ico
SUPPRIMÉ:* c:\windows\installer\{77f8a71e-3515-4832-b8b2-2f1edbd2e0f1}\icon_installer_ico
SUPPRIME Temporaires Windows

========== Restauration Système ==========
Point de restauration du système créé avec succès

========== Récapitulatif ==========
1 : Processus mémoire
1 : Modules mémoire
29 : Clés du Registre
30 : Valeurs du Registre
3 : Dossiers
4 : Fichiers
1 : Etat des services
1 : Restauration Système

End of clean in 13mn 34s

========== Chemin de fichier rapport ==========
C:\Users\GEORGIA\AppData\Roaming\ZHP\ZHPFix[R1].txt - 10/10/2013 09:04:48 [6268]

Merci Lilidurhone.

Réponse 28 / 28

lilidurhone Messages postés 43347 Date d'inscription lundi 25 avril 2011 Statut Contributeur sécurité Dernière intervention 31 octobre 2024 3 807
10 oct. 2013 à 10:48

Refais moi un zhpdiag

hangie Messages postés 36 Date d'inscription vendredi 4 octobre 2013 Statut Membre Dernière intervention 10 octobre 2013
10 oct. 2013 à 12:50

Bonjour Lilidurhone,
TOUJOURS PAS NETTOYE MON PC ?
Merci pour votre disponibilité.

~ Rapport de ZHPDiag v2013.10.9.27 - Nicolas Coolman (09/10/2013)
~ Lancé par GEORGIA (10/10/2013 12:27:55)
~ Adresse du Site Web https://nicolascoolman.webs.com/
~ Traduit par Nicolas Coolman
~ Etat de la version :
~ Liste blanche : Activée par le programme
~ Elévation des Privilèges : OK
~ User Account Control (UAC): Activate by user

---\\ Navigateurs Internet
MSIE: Internet Explorer v9.0.8112.16421 (Defaut)

---\\ Informations sur les produits Windows
~ Langage: Français
Windows Vista Home Premium Edition, 64-bit Service Pack 2 (Build 6002)
Windows Server License Manager Script : OK
~ Vista, OEM_SLP channel
System Locked Preinstallation (OEM_SLP) : OK
Windows ID Activation : OK
~ Windows Partial Key : WQD8Q
Windows License : OK
Windows Automatic Updates : OK

---\\ Logiciels de protection du système
Malwarebytes Anti-Malware version 1.75.0.1300
Microsoft Security Client FR-FR Language Pack v2.1.1116.0

---\\ Logiciels d'optimisation du système
CCleaner v2.28 =>Piriform Ltd
Uniblue RegistryBooster v6.0.7.2

---\\ Logiciels de partage PeerToPeer

---\\ Surveillance de Logiciels
Adobe Flash Player 11 ActiveX
Adobe Reader X

---\\ Informations sur le système
~ Processor: Intel64 Family 6 Model 23 Stepping 10, GenuineIntel
~ Operating System: 64 Bits
Boot mode: Normal (Normal boot)
Total RAM: 4094 MB (49% free)
System Restore: Activé (Enable)
System drive C: has 635 GB (69%) free of 917 GB

---\\ Mode de connexion au système
~ Computer Name: PC-DE-GEORGIA
~ User Name: GEORGIA
~ All Users Names: GEORGIA, Administrateur,
~ Unselected Option: None
Logged in as Administrator

---\\ Variables d'environnement
~ System Unit : C:\
~ %AppZHP% : C:\Users\GEORGIA\AppData\Roaming\ZHP\
~ %AppData% : C:\Users\GEORGIA\AppData\Roaming\
~ %Desktop% : C:\Users\GEORGIA\Desktop\
~ %Favorites% : C:\Users\GEORGIA\Favorites\
~ %LocalAppData% : C:\Users\GEORGIA\AppData\Local\
~ %StartMenu% : C:\Users\GEORGIA\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\Windows\
~ %System% : C:\Windows\System32\

---\\ Enumération des unités disques
C: Hard drive, Flash drive, Thumb drive (Free 635 Go of 917 Go)
D: Hard drive, Flash drive, Thumb drive (Free 2 Go of 15 Go)
E: CD-ROM drive (Not Inserted)
G: Floppy drive, Flash card reader, USB Key (Not Inserted)
H: Floppy drive, Flash card reader, USB Key (Not Inserted)
I: Floppy drive, Flash card reader, USB Key (Not Inserted)
J: Floppy drive, Flash card reader, USB Key (Not Inserted)
K: Floppy drive, Flash card reader, USB Key (Not Inserted)

---\\ Etat du Centre de Sécurité Windows
~ Security Center: 33 Legitimates Filtered in 00mn 00s

---\\ Recherche particulière de fichiers génériques
[MD5.6B08E54A451B3F95E4109DBA7E594270] - (.Microsoft Corporation - Explorateur Windows.) (.11/04/2009 - 08:10:17.) -- C:\Windows\Explorer.exe [3079168]
[MD5.117EA87DF785CA1B9D821F6F213DCE07] - (.Microsoft Corporation - Application de démarrage de Windows.) (.21/01/2008 - 03:50:23.) -- C:\Windows\System32\Wininit.exe [123904]
[MD5.3CD6F07E6416ED6E18A1965CD2B9144A] - (.Microsoft Corporation - Extensions Internet pour Win32.) (.22/09/2013 - 15:33:53.) -- C:\Windows\System32\wininet.dll [1392128]
[MD5.6D0773A3A65D28B663F334C90441D01A] - (.Microsoft Corporation - Application d'ouverture de session Windows.) (.11/04/2009 - 08:11:08.) -- C:\Windows\System32\Winlogon.exe [405504]
[MD5.C4F6CE6087760AD70960C9EB130E7943] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.03/01/2012 - 15:25:21.) -- C:\Windows\system32\Drivers\AFD.sys [404992]
[MD5.1898FAE8E07D97F2F6C2D5326C633FAC] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.21/01/2008 - 03:46:50.) -- C:\Windows\system32\Drivers\atapi.sys [22584]
[MD5.B4D787DB8D30793A4D4DF9FEED18F136] - (.Microsoft Corporation - CD-ROM File System Driver.) (.21/01/2008 - 03:50:39.) -- C:\Windows\system32\Drivers\Cdfs.sys [90624]
[MD5.C025AA69BE3D0D25C7A2E746EF6F94FC] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.11/04/2009 - 06:34:39.) -- C:\Windows\system32\Drivers\Cdrom.sys [79872]
[MD5.8B722BA35205C71E7951CDC4CDBADE19] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.14/04/2011 - 16:14:19.) -- C:\Windows\system32\Drivers\DfsC.sys [97792]
[MD5.F942C5820205F2FB453243EDFEC82A3D] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.11/04/2009 - 06:39:41.) -- C:\Windows\system32\Drivers\HDAudBus.sys [948736]
[MD5.CBB597659A2713CE0C9CC20C88C7591F] - (.Microsoft Corporation - Pilote de port i8042.) (.21/01/2008 - 03:46:59.) -- C:\Windows\system32\Drivers\i8042prt.sys [64000]
[MD5.B7E6212F581EA5F6AB0C3A6CEEEB89BE] - (.Microsoft Corporation - IP Network Address Translator.) (.21/01/2008 - 03:48:45.) -- C:\Windows\system32\Drivers\IpNat.sys [115712]
[MD5.1485811B320FF8C7EDAD1CAEBB1C6C2B] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.29/04/2011 - 14:39:34.) -- C:\Windows\system32\Drivers\MRxSmb.sys [135680]
[MD5.FC2C792EBDDC8E28DF939D6A92C83D61] - (.Microsoft Corporation - MBT Transport driver.) (.11/04/2009 - 06:42:33.) -- C:\Windows\system32\Drivers\netBT.sys [248320]
[MD5.2ACCAA3C3C55370A32F17B3595E1A217] - (.Microsoft Corporation - Pilote du système de fichiers NT.) (.03/03/2013 - 20:13:14.) -- C:\Windows\system32\Drivers\ntfs.sys [1513320]
[MD5.AECD57F94C887F58919F307C35498EA0] - (.Microsoft Corporation - Pilote de port parallèle.) (.02/11/2006 - 10:37:57.) -- C:\Windows\system32\Drivers\Parport.sys [96768]
[MD5.AC7BC4D42A7E558718DFDEC599BBFC2C] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.11/04/2009 - 06:43:38.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [124928]
[MD5.C045D1FB111C28DF0D1BE8D4BDA22C06] - (.Microsoft Corporation - Microsoft RDP Device redirector.) (.21/01/2008 - 03:46:51.) -- C:\Windows\system32\Drivers\rdpdr.sys [314368]
[MD5.290B6F6A0EC4FCDFC90F5CB6D7020473] - (.Microsoft Corporation - SMB Transport driver.) (.11/04/2009 - 06:42:19.) -- C:\Windows\system32\Drivers\smb.sys [88064]
[MD5.458919C8C42E398DC4802178D5FFEE27] - (.Microsoft Corporation - TDI Translation Driver.) (.11/04/2009 - 06:43:00.) -- C:\Windows\system32\Drivers\tdx.sys [94720]
[MD5.582F710097B46140F5A89A19A6573D4B] - (.Microsoft Corporation - Pilote de cliché instantané du volume.) (.21/08/2012 - 12:50:57.) -- C:\Windows\system32\Drivers\volsnap.sys [267648]
~ Generic Processes: Scanned in 00mn 00s

---\\ Etat des fichiers cachés (Caché/Total)
~ Mes images (My Pictures) : 2/27469
~ Mes musiques (My Musics) : 1/1577
~ Mes Videos (My Videos) : 1/38
~ Mes Favoris (My Favorites) : 1/80
~ Mes Documents (My Documents) : 16/878
~ Mon Bureau (My Desktop) : 1/111
~ Menu demarrer (Programs) : 1/37
~ Hidden Files: Scanned in 00mn 25s

---\\ Processus lancés
[MD5.055E69B5E4841098A4EAE04EE7EEB0A2] - (.Intel Corporation - Event Monitor User Notification Tool.) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe [186904] [PID.3472]
[MD5.596C3DD487001E237CCE431EAE6F3EA0] - (.Hewlett-Packard - HP Advisor.) -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe [1689144] [PID.3756]
[MD5.7E436B07C60B3A1D992648526732DB4F] - (.Skype Technologies S.A. - Skype.) -- C:\Program Files (x86)\Skype\Phone\Skype.exe [19604072] [PID.3152]
[MD5.1BA45CDEF852381DA4A95D056DDB4B48] - (.Hewlett-Packard Co. - HP Digital Imaging Monitor.) -- C:\Users\GEORGIA\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\hpqtra08.exe [210520] [PID.1468]
[MD5.83166BFFA8C4BBAC4413F47C865CC8EE] - (.Microsoft Corporation - Outil de notification de cadeaux MSN.) -- C:\Users\GEORGIA\AppData\Roaming\Microsoft\Outil de notification de cadeaux MSN\msnotif.exe [183096] [PID.2424]
[MD5.CD441BF2F5CFD46B5105891DDFFDFBA2] - (.CyberLink Corp. - CyberLink PowerCinema Resident Program.) -- C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe [1328424] [PID.1324]
[MD5.554A50B5310E702029D3A675459108FF] - (.Hewlett-Packard - hpsysdrv.) -- C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe [62768] [PID.2900]
[MD5.B93C4070F24E46B0097648C276B5039E] - (.Hewlett-Packard Co. - Hewlett-Packard Product Assistant.) -- C:\Program Files (x86)\HP\HP Software Update\hpwuSchd2.exe [49152] [PID.3308]
[MD5.017335C7AEFA8ED76750DB95A78D6BFA] - (.CyberLink - CyberLink MediaLibray Service.) -- C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe [185640] [PID.2496]
[MD5.B2387FD351A3D4780A917E4C00A83310] - (.Apple Inc. - iTunesHelper.) -- C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392] [PID.1676]
[MD5.39A26778EC10928572664729F8FEA7DE] - (.Adobe Systems Incorporated - Adobe® Flash® Player Installer/Uninstaller.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_9_900_117_ActiveX.exe [829832] [PID.1228]
[MD5.85E7BB8A103644085C5C665481022E56] - (.Hewlett-Packard Co. - HP CUE Status.) -- C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe [271960] [PID.4812]
[MD5.423B4B810003BBB765220FC0B27EBAA7] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files (x86)\ZHPDiag\ZHPDiag.exe [8068608] [PID.2740]
[MD5.6080A176D09435FC8E6E800996656E18] - (.Microsoft Corporation - Console IME.) -- C:\Windows\SysWOW64\conime.exe [69120] [PID.4904]
[MD5.ADDA5E1951B90D3D23C56D3CF0622ADC] - (.Adobe Systems Incorporated - Adobe Acrobat Update Service.) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [65640] [PID.940]
[MD5.30E3850F303EAE5C364782EA78579CC9] - (.Apple Inc. - MobileDeviceService.) -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [55624] [PID.1844]
[MD5.65608C44E71D7BA056C9EFCD8A00A7FE] - (.Microsoft Corp. - Bing Desktop updating service.) -- C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe [173192] [PID.2040]
[MD5.DFEFF67508D3A9AEB1A85D7B0F513B24] - (.Hewlett-Packard Company - LightScribe Service.) -- c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [73728] [PID.2120]
[MD5.388AE59FE75F1B959DFA0900923C61BB] - (.Skype Technologies S.A. - Skype C2C Service.) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [3064000] [PID.2364]
[MD5.F79525634B192F5A18DE503568F94EF3] - (.Intel Corporation - RAID Monitor.) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe [354840] [PID.2636]
~ Processes Running: Scanned in 00mn 01s

---\\ Google Chrome, Démarrage,Recherche,Extensions (G0,G1,G2)
C:\Users\GEORGIA\AppData\Local\Google\Chrome\User Data\Default\Preferences
~ Google Browser: 12 Legitimates Filtered in 00mn 07s

---\\ Mozilla Firefox, Plugins,Demarrage,Recherche,Extensions (P2,M0,M1,M2,M3)
C:\Users\GEORGIA\AppData\Roaming\Mozilla\Firefox\Profiles\bjwu9vvm.default\prefs.js
~ Firefox Browser: 23 Legitimates Filtered in 00mn 00s

---\\ Internet Explorer, Proxy Management (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyHttp1.1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management: Scanned in 00mn 00s

---\\ Analyse des lignes F0, F1, F2, F3 - IniFiles, Autoloading programs
F2 - REG:system.ini: USERINIT=C:\WINDOWS\system32\userinit.exe
F2 - REG:system.ini: Shell=C:\Windows\explorer.exe
F2 - REG:system.ini: VMApplet=rundll32 shell32,Control_RunDLL "sysdm.cpl"
~ Keys: Scanned in 00mn 00s

---\\ Hosts file redirection (O1)
~ Le fichier hosts est sain (The hosts file is clean).
~ Hosts File: Scanned in 00mn 00s
~ Nombre de lignes (Lines number): 19

---\\ Internet Explorer Toolbars (O3)
O3 - Toolbar\WebBrowser: (no name) [64Bits] - [HKCU]{21FA44EF-376D-4D53-9B0F-8A89D3229068} Clé orpheline
O3 - Toolbar\WebBrowser: (no name) [64Bits] - [HKCU]{2318C2B1-4965-11D4-9B18-009027A5CD4F} Clé orpheline
O3 - Toolbar\WebBrowser: (no name) [64Bits] - [HKCU]{D40B90B4-D3B1-4D6B-A5D7-DC041C1B76C0} Clé orpheline
~ Toolbar: Scanned in 00mn 00s

---\\ Autres liens utilisateurs (O4)
O4 - GS\Desktop [Public]: Safari.lnk . (...) -- C:\Windows\Installer\{C779648B-410E-4BBA-B75B-5815BCEFE71D}\SafariIco.exe
O4 - GS\Desktop [Public]: Webcam Station Evolution SE.lnk . (.Guillemot Corporation S.A. - Hercules Webcam Station Evolution SE.) -- C:\Program Files (x86)\Hercules\DualPix Exchange\Station2.exe
O4 - GS\Program [Public]: Magic Desktop.lnk . (.EasyBits Software AS - EasyBits Security Shield.) -- C:\Program Files (x86)\EasyBits For Kids\ezSecShield.exe =>.EasyBits Software AS
O4 - GS\Program [Public]: Safari.lnk . (...) -- C:\Windows\Installer\{C779648B-410E-4BBA-B75B-5815BCEFE71D}\SafariIco.exe
O4 - GS\QuickLaunch [GEORGIA]: Apple Safari.lnk . (...) -- C:\Windows\Installer\{C779648B-410E-4BBA-B75B-5815BCEFE71D}\SafariIco.exe
O4 - GS\QuickLaunch [GEORGIA]: HP MediaSmart.lnk . (...) -- c:\Windows\Installer\{D2E8F543-D23A-4A38-AFFC-4BDEBFBA6FDA}\_BD15A4BF3888028F418EC7.exe
O4 - GS\QuickLaunch [GEORGIA]: Meteo en France.lnk - Clé orpheline
O4 - GS\QuickLaunch [GEORGIA]: Meteo.lnk - Clé orpheline
O4 - GS\QuickLaunch [GEORGIA]: Uniblue RegistryBooster.lnk . (...) -- C:\Program Files (x86)\Uniblue\RegistryBooster\Launcher.exe (.not file.)
O4 - GS\Desktop [GEORGIA]: 0 ENTRETIENS JARDIN ARGELES.lnk . (...) -- C:\Users\GEORGIA\Contacts\Documents\Documents\0 ENTRETIENS JARDIN ARGELES.xlsx
O4 - GS\Desktop [GEORGIA]: Antoinette 18 mai 1906.lnk . (...) -- C:\Users\GEORGIA\Contacts\Documents\Documents\Antoinette 18 mai 1906.docx
O4 - GS\Desktop [GEORGIA]: HPPSDr.lnk . (...) -- C:\Program Files (x86)\HP\Diagnostics\PSDR\HPPSDr.exe
~ Global Startup: 94 Legitimates Filtered in 00mn 01s

---\\ Applications lancées au démarrage du sytème (O4)
O4 - GS\Startup [Public]: HP Digital Imaging Monitor.lnk . (.Hewlett-Packard Co. - HP Digital Imaging Monitor.) -- C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe =>.Hewlett-Packard Co
O4 - GS\Startup [GEORGIA]: Outil de notification de cadeaux MSN.lnk . (.Microsoft Corporation - Outil de notification de cadeaux MSN.) -- C:\Users\GEORGIA\AppData\Roaming\Microsoft\Outil de notification de cadeaux MSN\msnotif.exe
O4 - HKLM\..\Run: [Windows Defender] C:\Program Files (x86)\Windows Defender\MSASCui.exe (.not file.)
O4 - HKLM\..\Run: [SmartMenu] C:\Program Files (x86)\Hewlett-Packard\HP MediaSmart\SmartMenu.exe (.not file.)
O4 - HKLM\..\Run: [MSC] . (.Microsoft Corporation - Microsoft Security Client User Interface.) -- c:\Program Files\Microsoft Security Client\msseces.exe
O4 - HKLM\..\Run: [IAAnotif] . (.Intel Corporation - Event Monitor User Notification Tool.) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [HP Remote Software] . (.Pas de propriétaire - Core functionality module for HP Remote sof.) -- C:\Program Files\Hewlett-Packard\HP Remote\HP REMOTE V1.0.5.exe
O4 - HKLM\..\Run: [CamserviceExchange] . (.Guillemot Corporation S.A. - Hercules Xtra Controller Main Application.) -- C:\Program Files (x86)\Hercules\Dualpix Exchange\XtrCtrlEx.exe
O4 - HKLM\..\Run: [CamserviceDP] . (.Guillemot Corporation S.A. - CamService Application.) -- C:\Program Files (x86)\Hercules\DualPix Exchange\x64\Camservice.exe
O4 - HKCU\..\Run: [Sidebar] . (.Microsoft Corporation - Volet Windows.) -- C:\Program Files\Windows Sidebar\sidebar.exe =>.Microsoft Corporation
O4 - HKCU\..\Run: [HPADVISOR] . (.Hewlett-Packard - HP Advisor.) -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe
O4 - HKCU\..\Run: [ehTray.exe] . (.Microsoft Corporation - Media Center Tray Applet.) -- C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [Google Update] . (.Google Inc. - Programme d'installation de Google.) -- C:\Users\GEORGIA\AppData\Local\Google\Update\GoogleUpdate.exe =>.Google Inc
O4 - HKCU\..\Run: [Skype] . (.Skype Technologies S.A. - Skype.) -- C:\Program Files (x86)\Skype\Phone\Skype.exe =>.Skype Technologies S.A.
O4 - HKLM\..\Wow6432Node\Run: [TSMAgent] . (.CyberLink Corp. - CyberLink PowerCinema Resident Program.) -- c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe
O4 - HKLM\..\Wow6432Node\Run: [StartCCC] . (.Advanced Micro Devices, Inc. - Catalyst® Control Center Launcher.) -- c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe =>.Advanced Micro Devices, Inc
O4 - HKLM\..\Wow6432Node\Run: [hpsysdrv] . (.Hewlett-Packard - hpsysdrv.) -- c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe =>.Hewlett-Packard Co
O4 - HKLM\..\Wow6432Node\Run: [HP Software Update] . (.Hewlett-Packard Co. - Hewlett-Packard Product Assistant.) -- C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe =>.Hewlett-Packard Co
O4 - HKLM\..\Wow6432Node\Run: [HP Health Check Scheduler] . (.Hewlett-Packard - HP Health Check Scheduler.) -- c:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Wow6432Node\Run: [CLMLServer for HP TouchSmart] . (.CyberLink - CyberLink MediaLibray Service.) -- c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
O4 - HKLM\..\Wow6432Node\Run: [Adobe ARM] . (.Adobe Systems Incorporated - Adobe Reader and Acrobat Manager.) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe =>.Adobe Systems Incorporated
O4 - HKLM\..\Wow6432Node\Run: [APSDaemon] . (.Apple Inc. - Apple Push.) -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
O4 - HKLM\..\Wow6432Node\Run: [iTunesHelper] . (.Apple Inc. - iTunesHelper.) -- C:\Program Files (x86)\iTunes\iTunesHelper.exe
O4 - HKLM\..\Wow6432Node\Run: [BingDesktop] . (.Microsoft Corp. - Bing Desktop Application.) -- C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktop.exe
O4 - HKLM\..\Wow6432Node\Run: [QuickTime Task] . (.Apple Inc. - QuickTime Task.) -- C:\Program Files (x86)\QuickTime\QTTask.exe
O4 - HKUS\S-1-5-18\..\Run: [orangeinside] C:\Windows\system32\config\systemprofile\AppData\Roaming\Orange\OrangeInside\one\OrangeInside.exe (.not file.)
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] . (.Microsoft Corporation - Volet Windows.) -- C:\Program Files (x86)\Windows Sidebar\Sidebar.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] oobefldr.dll
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] . (.Microsoft Corporation - Volet Windows.) -- C:\Program Files (x86)\Windows Sidebar\Sidebar.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-20\..\Run: [WindowsWelcomeCenter] oobefldr.dll
O4 - HKUS\S-1-5-21-1197845047-857176231-4260321091-1000\..\Run: [Sidebar] . (.Microsoft Corporation - Volet Windows.) -- C:\Program Files\Windows Sidebar\sidebar.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-21-1197845047-857176231-4260321091-1000\..\Run: [HPADVISOR] . (.Hewlett-Packard - HP Advisor.) -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe
O4 - HKUS\S-1-5-21-1197845047-857176231-4260321091-1000\..\Run: [ehTray.exe] . (.Microsoft Corporation - Media Center Tray Applet.) -- C:\Windows\ehome\ehTray.exe
O4 - HKUS\S-1-5-21-1197845047-857176231-4260321091-1000\..\Run: [Google Update] . (.Google Inc. - Programme d'installation de Google.) -- C:\Users\GEORGIA\AppData\Local\Google\Update\GoogleUpdate.exe =>.Google Inc
O4 - HKUS\S-1-5-21-1197845047-857176231-4260321091-1000\..\Run: [Skype] . (.Skype Technologies S.A. - Skype.) -- C:\Program Files (x86)\Skype\Phone\Skype.exe =>.Skype Technologies S.A.
~ Application: Scanned in 00mn 00s

---\\ Modification Domaine/Adresses DNS (O17)
O17 - HKLM\System\CCS\Services\Tcpip\..\{5455DD31-210A-4771-80D5-254DF02CA569}: DhcpNameServer = 172.20.10.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{F89B15CC-9B67-49D3-8CA1-13AA4BFDDE63}: DhcpNameServer = 212.27.40.240 212.27.40.241
O17 - HKLM\System\CS1\Services\Tcpip\..\{5455DD31-210A-4771-80D5-254DF02CA569}: DhcpNameServer = 172.20.10.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{F89B15CC-9B67-49D3-8CA1-13AA4BFDDE63}: DhcpNameServer = 212.27.40.240 212.27.40.241
O17 - HKLM\System\CS3\Services\Tcpip\..\{5455DD31-210A-4771-80D5-254DF02CA569}: DhcpNameServer = 172.20.10.1
O17 - HKLM\System\CS3\Services\Tcpip\..\{F89B15CC-9B67-49D3-8CA1-13AA4BFDDE63}: DhcpNameServer = 212.27.40.240 212.27.40.241
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 212.27.40.240 212.27.40.241
~ Domain: Scanned in 00mn 00s

---\\ Protocole additionnel (O18)
O18 - Handler: wlpg [64Bits] - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} . (...) --
O18 - Filter: text/xml [64Bits] - {807563E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation - Microsoft Office XML MIME Filter.) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.dll =>.Microsoft Corporation
~ Protocole Additionnel: Scanned in 00mn 00s

---\\ Clé de Registre autorun SharedTaskScheduler (STS) (O22)
O22 - SharedTaskScheduler: Component Categories cache daemon [64Bits] - {8C7461EF-2B13-11d2-BE35-3078302C2030} . (.Microsoft Corporation - Bibliothèque de l'interface utilisateur du.) -- C:\Windows\System32\browseui.dll
~ STS/SSO: Scanned in 00mn 00s

---\\ Logiciels installés (O42)
O42 - Logiciel: Comptes First - (...) [HKCU][64Bits] -- COMPTES FIRST
O42 - Logiciel: LimeWire 5.4.8 - (.Lime Wire, LLC.) [HKLM][64Bits] -- LimeWire
~ Logic: 195 Legitimates Filtered in 00mn 00s

---\\ HKCU & HKLM Software Keys
[HKCU\Software\MBE CONCEPT]
[HKCU\Software\Mbe Concept©]
[HKLM\Software\Wow6432Node\AMJ]
~ Key Software: 259 Legitimates Filtered in 00mn 00s

---\\ Contenu des dossiers Programs/ProgramFiles/ProgramData/AppData (O43)
O43 - CFD: 07/03/2010 - 21:06:06 - [58,150] ----D C:\Program Files (x86)\LimeWire
O43 - CFD: 09/11/2010 - 13:06:45 - [6,585] ----D C:\ProgramData\{B3C2C1CD-6B77-4A96-B670-F734AC2A1CBC}
O43 - CFD: 21/07/2010 - 18:02:25 - [0] ----D C:\Users\GEORGIA\AppData\Roaming\LimeWire
O43 - CFD: 07/03/2010 - 21:06:06 - [0] ----D C:\Users\GEORGIA\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\LimeWire
~ Program Folder: 244 Legitimates Filtered in 00mn 55s

---\\ Derniers fichiers modifiés ou crées sous Windows et System32 (O44)
O44 - LFC:[MD5.674963C3B4714A89BE4DF8C01788D0F7] - 04/10/2013 - 07:29:44 ---A- . (...) -- C:\FINIS_IT.TXT [375]
O44 - LFC:[MD5.7BCE39EE2B61BC3A17E80BC0583F6797] - 09/10/2013 - 17:25:47 ---A- . (...) -- C:\Windows\System32\Drivers\usbd.sys [7552]
O44 - LFC:[MD5.603F4C5E89B67331DDACECAA6C231CB1] - 09/10/2013 - 17:25:49 ---A- . (...) -- C:\Windows\System32\Drivers\hidparse.sys [31616]
~ Files: 93 Legitimates Filtered in 00mn 06s

---\\ Derniers fichiers créés dans Windows Prefetcher (O45)
O45 - LFCP:[MD5.9BF508649917B7DCDF99B9170129CEEC] - 10/10/2013 - 07:38:59 ---A- - C:\Windows\Prefetch\UNYT_W~1.EXE-1D5110D0.pf
O45 - LFCP:[MD5.C5CD329916B12901C59A0C20C9016C90] - 10/10/2013 - 07:39:04 ---A- - C:\Windows\Prefetch\UNYT_BS.EXE-18EC23B9.pf
O45 - LFCP:[MD5.16A24F514BCCF3ACC30A128D231DBFF4] - 10/10/2013 - 08:12:16 ---A- - C:\Windows\Prefetch\HP REMOTE V1.0.5.EXE-D4BF8685.pf
O45 - LFCP:[MD5.68401B3749424C7134023E29FFE79E56] - 10/10/2013 - 08:31:14 ---A- - C:\Windows\Prefetch\HPQPPROP.EXE-DB573EDD.pf
O45 - LFCP:[MD5.7120333ADF128D34CAC2049495E2EA9B] - 10/10/2013 - 08:31:15 ---A- - C:\Windows\Prefetch\HPQTBX01.EXE-E1B8EF3B.pf
~ Prefetcher: 95 Legitimates Filtered in 00mn 00s

---\\ Enumération des clés de registre PoliciesSystem (MWPS) (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
~ MWPS: 21 Legitimates Filtered in 00mn 00s

---\\ Liste des pilotes du système (SDL) (O58)
O58 - SDL:[MD5.40014A6251A68D1EC48001B1653CCEE0] - 21/01/2008 - 03:47:30 ---A- . (...) -- C:\Windows\System32\Drivers\bdasup.sys [15616]
O58 - SDL:[MD5.99FB9675904D92C18B2840A6467DD4A1] - 04/10/2010 - 19:30:22 ---A- . (...) -- C:\Windows\SysWOW64\drivers\fsbts.sys [41624]
~ Drivers: 21 Legitimates Filtered in 00mn 00s

---\\ Derniers fichiers modifiés ou crées (Utilisateur) (O61)
O61 - LFC: 07/10/2013 - 12:36:43 ---A- . (...) -- C:\Users\GEORGIA\Downloads\t_openwindowsupdate1.0.zip [1420]
O61 - LFC: 09/10/2013 - 12:32:36 ---A- . (...) -- C:\Users\GEORGIA\AppData\Roaming\ZHP\HOSTS.txt [741] =>.Nicolas Coolman
O61 - LFC: 09/10/2013 - 12:35:59 ---A- . (...) -- C:\Users\GEORGIA\AppData\Roaming\ZHP\ZHPADSReport.txt [351] =>.Nicolas Coolman
O61 - LFC: 09/10/2013 - 12:36:00 ---A- . (...) -- C:\Users\GEORGIA\AppData\Roaming\ZHP\ZHPDiag.txt [46614] =>.Nicolas Coolman
O61 - LFC: 09/10/2013 - 12:36:25 ---A- . (...) -- C:\Users\GEORGIA\Downloads\adwcleaner-3.006.exe [1045226]
O61 - LFC: 10/10/2013 - 12:30:46 ---A- . (...) -- C:\Users\GEORGIA\AppData\Local\Google\Chrome\User Data\chrome_shutdown_ms.txt [5]
O61 - LFC: 10/10/2013 - 12:31:01 ---A- . (...) -- C:\Users\GEORGIA\AppData\Local\Google\Chrome\User Data\Local State [51844]
O61 - LFC: 10/10/2013 - 12:32:36 ---A- . (...) -- C:\Users\GEORGIA\AppData\Roaming\ZHP\Log.txt [178208] =>.Nicolas Coolman
O61 - LFC: 10/10/2013 - 12:35:59 ---A- . (...) -- C:\Users\GEORGIA\AppData\Roaming\ZHP\TestsZHPDiag.txt [2932] =>.Nicolas Coolman
O61 - LFC: 10/10/2013 - 12:36:00 ---A- . (...) -- C:\Users\GEORGIA\AppData\Roaming\ZHP\ZHPExportRegistry-10-10-2013-09-04-48.txt [6204054] =>.Nicolas Coolman
O61 - LFC: 10/10/2013 - 12:36:00 ---A- . (...) -- C:\Users\GEORGIA\AppData\Roaming\ZHP\ZHPFixQuarantine.txt [1338] =>.Nicolas Coolman
O61 - LFC: 10/10/2013 - 12:36:00 ---A- . (...) -- C:\Users\GEORGIA\AppData\Roaming\ZHP\ZHPFix[R1].txt [6350] =>.Nicolas Coolman
~ 3 Fichiers temporaires (Temporary files)
~ Files: 780 Legitimates Filtered in 13mn 43s

---\\ Liste des outils de désinfection (LATC) (O63)
O63 - Logiciel: ZHPDiag 2013 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 =>.Nicolas Coolman
~ ADS: Scanned in 00mn 00s

---\\ Associations Shell Spawning (O67)
O67 - Shell Spawning: <.html> <ChromeHTML>[HKCU\..\open\Command] (.Not Key.)
~ FASS Keys: 19 Legitimates Filtered in 00mn 00s

---\\ Menu de démarrage Internet (SMI) (O68)
O68 - StartMenuInternet: <IEXPLORE.EXE> <Internet Explorer>[HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
~ Keys: Scanned in 00mn 00s

---\\ Recherche d'infection sur les navigateurs internet (SBI) (O69)
O69 - SBI: SearchScopes [HKCU] {101D7715-F4F6-4330-AF29-F4B7C1390BF1} [DefaultScope] - (RueDuCommerce) - http://widgets.rueducommerce.fr
O69 - SBI: SearchScopes [HKCU] {105E99FF-8B9A-4492-B155-06194B9056D2} - (Bing) - https://www.bing.com/?toHttps=1&redig=69DA0EF8272048D9864AF4DB37211DE8
O69 - SBI: SearchScopes [HKCU] {316C26D3-82FB-402E-887E-2179EBBCCEC3} - (Yahoo!) - https://fr.search.yahoo.com/
O69 - SBI: SearchScopes [HKCU] {4CC44241-54EF-439E-9371-7073678D9D6C} - (AlloCine) - https://www.allocine.fr/
O69 - SBI: SearchScopes [HKCU] {6A1806CD-94D4-4689-BA73-E35EA1EA9990} - (Google) - https://www.google.com/?gws_rd=ssl
O69 - SBI: SearchScopes [HKCU] {814C76CB-2623-43F4-AAD0-58A0E5190A20} - (Orange) - http://r.orange.fr
O69 - SBI: SearchScopes [HKCU] {F5A68249-B787-4957-804D-C300E5DD2C90} - (Yahoo!) - https://search.yahoo.com/
O69 - SBI: SearchScopes [HKUS\.DEFAULT] {814C76CB-2623-43F4-AAD0-58A0E5190A20} - (Orange) - http://rws.search.ke.voila.fr
O69 - SBI: SearchScopes [HKUS\S-1-5-18] {814C76CB-2623-43F4-AAD0-58A0E5190A20} - (Orange) - http://rws.search.ke.voila.fr
~ Keys: Scanned in 00mn 00s

---\\ Recherche particulière à la racine du système (SPRF) (O84)
[MD5.3A6F50F23E39CC856E04789DB954316B] [SPRF][14/09/2013] (...) -- C:\Users\GEORGIA\AppData\Local\d3d9caps.dat [7512]
[MD5.C967793B287114BD84F390CC9AE6E841] [SPRF][20/10/2012] (...) -- C:\Users\GEORGIA\AppData\Local\d3d9caps64.dat [1460]
[MD5.3BF53B05F1D86595A8E47A6091DEA69A] [SPRF][05/10/2013] (...) -- C:\Users\GEORGIA\Desktop\RogueKiller.exe [950272]
~ Files: 7 Legitimates Filtered in 00mn 00s

---\\ Enumère les codes produits des logiciels (PUC) (O90)
O90 - PUC: "532E1E0054BA59641A6570138149E94D" . (.HiYo.) -- C:\Windows\Installer\{00E1E235-AB45-4695-A156-073118949ED4}\ARPPRODUCTICON.exe
~ Update Products: 216 Legitimates Filtered in 00mn 00s

---\\ Recherche des packages WindowsInstaller (WIS) (O93) (NTFS)
[MD5.5FBB07C2A85C08DBCE283EC9E6B0EDFA] [WIS][31/08/2010] (.Nom de votre société - PhotoMail Maker.) -- C:\Windows\Installer\26c20e.msi [1152512]
[MD5.2B59612AC41F3493AB9B57283B27453C] [WIS][05/01/2012] (.DeviceManagementQFolder - DeviceManagementQFolder.) -- C:\Windows\Installer\28fc750.msi [121344]
[MD5.E4D71E66245D3447E72064F1953316F8] [WIS][05/01/2012] (.eSupportQFolder - eSupportQFolder.) -- C:\Windows\Installer\28fc773.msi [121344]
[MD5.51A75DCF23A86D66A948075F2D08B5A0] [WIS][05/01/2012] (.CustomerResearchQFolder - CustomerResearchQFolder.) -- C:\Windows\Installer\28fc78f.msi [121344]
[MD5.1962733897391FB0FB19B6823BDC3F9B] [WIS][05/01/2012] (.DocumentViewerQFolder - DocumentViewerQFolder.) -- C:\Windows\Installer\28fc7a7.msi [121344]
[MD5.B8BC80C285980B0773628AA0E5BCD09A] [WIS][23/08/2010] (.Micro Application - LauncherMA.) -- C:\Windows\Installer\438d450.msi [348160]
~ WIS: 223 Legitimates Filtered in 00mn 12s

---\\ Etat général des services not Microsoft (EGS) (SR=Running, SS=Stopped)
SR - | Auto 10/05/2013 65640 | (AdobeARMservice) . (.Adobe Systems Incorporated.) - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
SS - | Demand 09/10/2013 257416 | (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
SR - | Auto 07/09/2013 55624 | (Apple Mobile Device) . (.Apple Inc..) - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
SR - | Auto 27/01/2009 949248 | (Ati External Event Utility) . (.ATI Technologies Inc..) - C:\Windows\System32\Ati2evxx.exe
SS - | Demand 28/02/2011 183560 | (BBSvc) . (.Microsoft Corporation..) - C:\Program Files (x86)\Microsoft\BingBar\BBSvc.exe
SR - | Auto 30/08/2011 462184 | (Bonjour Service) . (.Apple Inc..) - C:\Program Files\Bonjour\mDNSResponder.exe
SR - | Auto 21/01/2008 27648 | C:\Windows\System32\ezsvc7.dll (ezSharedSvc) . (.EasyBits Sofware AS.) - C:\Windows\System32\svchost.exe
SS - | Demand 09/12/2008 242424 | (GameConsoleService) . (.WildTangent, Inc..) - C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe
SS - | Auto 28/11/2009 133104 | (gupdate) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
SS - | Demand 28/11/2009 133104 | (gupdatem) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
SS - | Demand 21/08/2012 194032 | (gusvc) . (.Google.) - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
SR - | Auto 04/12/2008 94208 | (HP Health Check Service) . (.Hewlett-Packard.) - c:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
SR - | Demand 21/01/2008 27648 | C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll (hpqcxs08) . (.Hewlett-Packard Co..) - C:\Windows\System32\svchost.exe
SR - | Auto 21/01/2008 27648 | C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll (hpqddsvc) . (.Hewlett-Packard Co..) - C:\Windows\System32\svchost.exe
SR - | Auto 04/12/2008 354840 | (IAANTMON) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
SR - | Demand 17/09/2013 641352 | (iPod Service) . (.Apple Inc..) - C:\Program Files\iPod\bin\iPodService.exe
SR - | Auto 17/03/2009 73728 | (LightScribeService) . (.Hewlett-Packard Company.) - c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
SS - | Demand 04/05/2010 503080 | (NAUpdate) . (.Nero AG.) - C:\Program Files (x86)\Nero\Update\NASvc.exe
SR - | Auto 21/01/2008 27648 | C:\Windows\system32\HPZinw12.dll (Net Driver HPZ12) . (.Hewlett-Packard.) - C:\Windows\System32\svchost.exe
SS - | Auto 29/08/2013 1073160 | (Orange update Core Service) . (.Orange SA.) - C:\Program Files (x86)\Orange\OrangeUpdate\Service\OUCore.exe
SS - | Demand 02/02/2009 23536 | (PCDSRVC{F36B3A4C-F95654BD-06000000}_0) . (.PC-Doctor, Inc..) - c:\program files\pc-doctor for windows\pcdsrvc_x64.pkms
SR - | Auto 21/01/2008 27648 | C:\Windows\system32\HPZipm12.dll (Pml Driver HPZ12) . (.Hewlett-Packard.) - C:\Windows\System32\svchost.exe
SR - | Auto 25/02/2011 249648 | (SeaPort) . (.Microsoft Corporation.) - C:\Program Files (x86)\Microsoft\BingBar\SeaPort.exe
SS - | Demand 04/01/2012 718888 | (ServiceLayer) . (.Nokia.) - C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe
SR - | Auto 02/10/2012 3064000 | (Skype C2C Service) . (.Skype Technologies S.A..) - C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
SS - | Auto 03/06/2013 162408 | (SkypeUpdate) . (.Skype Technologies.) - C:\Program Files (x86)\Skype\Updater\Updater.exe
SS - | Auto 21/01/2008 27648 | C:\Program Files (x86)\Windows Defender\mpsvc.dll (WinDefend) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
SS - | Demand 10/07/1658 0 | (WMPNetworkSvc) . (...) - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe =>.Microsoft Corporation
SR - | Auto 21/01/2008 27648 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
~ Services: Scanned in 00mn 15s

---\\ Recherche d'infection sur le Master Boot Record (MBR)(O80)
Run by GEORGIA at 10/10/2013 12:45:58
~ OS 64 not supported by MBR tool
~ MBR: 0 Legitimates Filtered in 00mn 00s

---\\ Recherche d'infection sur le Master Boot Record (MBRCheck)(O80)
Written by ad13, http://ad13.geekstog
Run by GEORGIA at 10/10/2013 12:46:00

********* Dump file Name *********
C:\PhysicalDisk0_MBR.bin
~ MBR: Scanned in 00mn 02s

---\\ Scan Additionnel (O88)
Database Version : 12944 - (09/10/2013)
Clés trouvées (Keys found) : 1
Valeurs trouvées (Values found) : 0
Dossiers trouvés (Folders found) : 0
Fichiers trouvés (Files found) : 0

[HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{86D4B82A-ABED-442A-BE86-96357B70F4FE}] =>Toolbar.Ask
~ Additionnel Scan: 444672 Items scanned in 00mn 28s

---\\ Récapitulatif des détections trouvées sur votre station
~ http://nicolascoolman.webs.com/apps/blog/show/28927746-toolbar-ask =>Toolbar.Ask
~ MSI: 1 link(s) detected in 00mn 28s

~ 2322 Legitimates filtered by white list
End of the scan (474 lines in 18mn 33s)(0)

Base de données obsolète à l'installation de Malware Protector

28 réponses

Discussions similaires